Search CVE reports
1 – 10 of 53 results
CVE-2021-32278
Medium prioritySome fixes available 4 of 15
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.
3 affected packages
faad2, welle.io, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| faad2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| welle.io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Ignored |
CVE-2021-32277
Medium prioritySome fixes available 4 of 15
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.
3 affected packages
faad2, welle.io, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| faad2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| welle.io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Ignored |
CVE-2021-32276
Medium prioritySome fixes available 4 of 15
An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.
3 affected packages
faad2, welle.io, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| faad2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| welle.io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Ignored |
CVE-2021-32274
Medium prioritySome fixes available 4 of 15
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.
3 affected packages
faad2, welle.io, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| faad2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| welle.io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Ignored |
CVE-2021-32273
Medium prioritySome fixes available 4 of 15
An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.
3 affected packages
faad2, welle.io, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| faad2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| welle.io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Ignored |
CVE-2021-32272
Medium prioritySome fixes available 4 of 15
An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.
3 affected packages
faad2, welle.io, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| faad2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| welle.io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Ignored |
CVE-2018-13304
Medium priorityIn libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a...
13 affected packages
chromium-browser, dvbcut, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
| dvbcut | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
| vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
| xine-lib | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2017-11119
Low priorityThe chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file.
3 affected packages
xbmc, xine-lib, xine-lib-1.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xbmc | — | Not in release | Not in release | Not in release | Not in release |
| xine-lib | — | Not in release | Not in release | Not in release | Not in release |
| xine-lib-1.2 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2010-2062
Medium priorityInteger underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers...
3 affected packages
mplayer, vlc, xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mplayer | — | — | — | — | — |
| vlc | — | — | — | — | — |
| xine-lib | — | — | — | — | — |
CVE-2009-1274
Medium prioritySome fixes available 3 of 4
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS...
1 affected packages
xine-lib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xine-lib | — | — | — | — | — |