Search CVE reports
131 – 140 of 479 results
CVE-2014-4610
Medium priorityInteger overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute...
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | Not affected | Not affected |
| libav | — | — | — | Not in release | Not in release |
CVE-2019-17542
Medium prioritySome fixes available 2 of 4
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
1 affected packages
ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | Not affected | Fixed | Fixed |
CVE-2019-17539
Medium prioritySome fixes available 1 of 4
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Fixed | Not affected |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2019-9720
Medium priorityA stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
4 affected packages
ffmpeg, gst-libav1.0, qtwebengine-opensource-src, vice
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-9719
Medium priority** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf....
4 affected packages
ffmpeg, gst-libav1.0, qtwebengine-opensource-src, vice
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Not affected | Not affected | Not affected | Not affected | Not in release |
| vice | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-9717
Medium priorityIn Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
4 affected packages
ffmpeg, gst-libav1.0, qtwebengine-opensource-src, vice
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-15942
Medium priorityFFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
1 affected packages
ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | Not affected | Not affected |
CVE-2019-13390
Low prioritySome fixes available 2 of 5
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
1 affected packages
ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | Not affected | Fixed | Fixed |
CVE-2019-13312
Medium prioritySome fixes available 1 of 2
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
1 affected packages
ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | Fixed | Not affected | Not affected |
CVE-2019-12730
Medium prioritySome fixes available 2 of 4
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
1 affected packages
ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | Not affected | Fixed | Fixed |