Search CVE reports
81 – 90 of 297 results
CVE-2017-16803
Medium priorityIn Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of...
1 affected packages
libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2017-15672
Low prioritySome fixes available 1 of 4
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Not affected | Not affected | Not affected | Not affected | Fixed |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2015-1206
Medium prioritySome fixes available 7 of 18
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
6 affected packages
chromium-browser, ffmpeg, gst-libav1.0, mythtv, oxide-qt, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | Fixed | Fixed |
ffmpeg | — | — | — | Not affected | Not affected |
gst-libav1.0 | — | — | — | Not affected | Not affected |
mythtv | — | — | — | Not affected | Not affected |
oxide-qt | — | — | — | Not in release | Ignored |
vlc | — | — | — | Not affected | Not affected |
CVE-2017-14767
Medium prioritySome fixes available 1 of 3
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or...
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | Not affected | Fixed |
libav | — | — | — | Not in release | Not in release |
CVE-2017-14225
Low prioritySome fixes available 1 of 3
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in...
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | Not affected | Fixed |
libav | — | — | — | Not in release | Not in release |
CVE-2017-14223
Low prioritySome fixes available 1 of 3
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but...
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | Not affected | Fixed |
libav | — | — | — | Not in release | Not in release |
CVE-2017-14222
Low prioritySome fixes available 1 of 3
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but...
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | Not affected | Fixed |
libav | — | — | — | Not in release | Not in release |
CVE-2013-0870
Medium priorityThe 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
4 affected packages
ffmpeg, ffmpeg-extra, libav, libav-extra
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | — | — |
ffmpeg-extra | — | — | — | — | — |
libav | — | — | — | — | — |
libav-extra | — | — | — | — | — |
CVE-2017-11719
Medium priorityThe dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | Not affected | Not affected |
libav | — | — | — | Not in release | Not in release |
CVE-2017-11665
Medium prioritySome fixes available 1 of 3
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | Not affected | Fixed |
libav | — | — | — | Not in release | Not in release |