CVE search results

201 – 210 of 540 results

Detailed view

Sort by:

CVE-2019-12730

Medium priority

Some fixes available 2 of 4

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	Not affected	Fixed

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Not affected

CVE-2019-11338

Low priority

Some fixes available 3 of 4

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	Not affected	Fixed

CVE-2019-9721

Medium priority

Fixed

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Fixed

CVE-2019-9718

Medium priority

Fixed

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Fixed

CVE-2019-1000016

Medium priority

Fixed

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be...

1 affected package

ffmpeg

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	—	Not affected

CVE-2018-18829

Medium priority

Needs evaluation

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-18828

Medium priority

Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-18827

Medium priority

Needs evaluation

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2018-18826

Medium priority

Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vlc	Not affected	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports

CVE-2019-12730

CVE-2019-11339

CVE-2019-11338

CVE-2019-9721

CVE-2019-9718

CVE-2019-1000016

CVE-2018-18829

CVE-2018-18828

CVE-2018-18827

CVE-2018-18826