Total
105 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18246 | 1 Libav | 1 Libav | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file. | |||||
CVE-2017-9987 | 1 Libav | 1 Libav | 2019-09-02 | 5.0 MEDIUM | 7.5 HIGH |
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. | |||||
CVE-2018-5766 | 1 Libav | 1 Libav | 2019-09-02 | 6.8 MEDIUM | 8.8 HIGH |
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file. | |||||
CVE-2018-11102 | 1 Libav | 1 Libav | 2019-09-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | |||||
CVE-2017-5984 | 1 Libav | 1 Libav | 2019-05-23 | 4.3 MEDIUM | 6.5 MEDIUM |
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read. | |||||
CVE-2017-1000460 | 3 Ffmpeg, Google, Libav | 3 Ffmpeg, Chrome, Libav | 2019-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | |||||
CVE-2017-17130 | 1 Libav | 1 Libav | 2019-01-08 | 6.8 MEDIUM | 8.8 HIGH |
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv. | |||||
CVE-2018-20001 | 1 Libav | 1 Libav | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. | |||||
CVE-2018-19129 | 1 Libav | 1 Libav | 2018-12-12 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file. | |||||
CVE-2018-18829 | 1 Libav | 1 Libav | 2018-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. | |||||
CVE-2018-18827 | 1 Libav | 1 Libav | 2018-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. | |||||
CVE-2017-16803 | 1 Libav | 1 Libav | 2018-11-27 | 5.0 MEDIUM | 7.5 HIGH |
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream. | |||||
CVE-2015-5479 | 3 Libav, Opensuse, Ubuntu | 3 Libav, Leap, Ubuntu | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | |||||
CVE-2012-5144 | 4 Canonical, Google, Libav and 1 more | 4 Ubuntu Linux, Chrome, Libav and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN." | |||||
CVE-2016-3062 | 4 Debian, Ffmpeg, Libav and 1 more | 4 Debian Linux, Ffmpeg, Libav and 1 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | |||||
CVE-2012-2790 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2018-10-30 | 10.0 HIGH | N/A |
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode." | |||||
CVE-2012-2789 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2018-10-30 | 10.0 HIGH | N/A |
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs). | |||||
CVE-2012-2788 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2018-10-30 | 10.0 HIGH | N/A |
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk." | |||||
CVE-2012-2787 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2018-10-30 | 10.0 HIGH | N/A |
Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height." | |||||
CVE-2012-2786 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2018-10-30 | 10.0 HIGH | N/A |
Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write." |