Search CVE reports
221 – 230 of 878 results
CVE-2018-13303
Low priorityIn FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13302
Medium prioritySome fixes available 14 of 90
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
| ffmpeg | Fixed | Fixed | Fixed | Fixed | Fixed |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13301
Low priorityIn FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, libav...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13300
Medium prioritySome fixes available 13 of 89
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
| ffmpeg | Fixed | Fixed | Fixed | Fixed | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2016-10579
Medium priorityChromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by...
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Not affected | Not affected |
| oxide-qt | — | — | — | Not in release | Not affected |
CVE-2018-6126
Medium prioritySome fixes available 16 of 19
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
4 affected packages
chromium-browser, firefox, oxide-qt, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| firefox | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
| thunderbird | — | — | — | Fixed | Fixed |
CVE-2017-6888
Low prioritySome fixes available 3 of 29
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
6 affected packages
android, chromium-browser, flac, mame, oxide-qt, praat
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| android | Not in release | Not in release | Not in release | Not in release | Ignored |
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| flac | Not affected | Not affected | Not affected | Fixed | Fixed |
| mame | Not affected | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| praat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-7751
Medium prioritySome fixes available 1 of 51
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
8 affected packages
ffmpeg, gst-libav1.0, libav, mplayer, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Fixed | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2017-7000
Medium prioritySome fixes available 6 of 11
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial...
4 affected packages
chromium-browser, oxide-qt, sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |
| sqlite | — | — | — | Not affected | Not affected |
| sqlite3 | — | — | — | Not affected | Not affected |
CVE-2017-5133
Medium prioritySome fixes available 6 of 9
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
2 affected packages
chromium-browser, oxide-qt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | Fixed | Fixed |
| oxide-qt | — | — | — | Not in release | Ignored |