Search CVE reports
131 – 140 of 349 results
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
1 affected package
libav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 27
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read)...
6 affected packages
chromium-browser, ffmpeg, qtwebengine-opensource-src, gst-libav1.0, oxide-qt, vlc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gst-libav1.0 | Not affected | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of...
1 affected package
libav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 4
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
2 affected packages
libav, ffmpeg
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libav | Not in release | Not in release | Not in release | Not in release | Not in release |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 7 of 18
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
6 affected packages
ffmpeg, chromium-browser, gst-libav1.0, mythtv, oxide-qt, vlc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | — | Not affected |
| chromium-browser | — | — | — | — | Fixed |
| gst-libav1.0 | — | — | — | — | Not affected |
| mythtv | — | — | — | — | Not affected |
| oxide-qt | — | — | — | — | Not in release |
| vlc | — | — | — | — | Not affected |
Some fixes available 1 of 3
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or...
2 affected packages
ffmpeg, libav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | — | Not affected |
| libav | — | — | — | — | Not in release |
Some fixes available 1 of 3
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in...
2 affected packages
ffmpeg, libav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | — | Not affected |
| libav | — | — | — | — | Not in release |
Some fixes available 1 of 3
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but...
2 affected packages
ffmpeg, libav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | — | Not affected |
| libav | — | — | — | — | Not in release |
Some fixes available 1 of 3
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but...
2 affected packages
ffmpeg, libav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | — | Not affected |
| libav | — | — | — | — | Not in release |
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
4 affected packages
ffmpeg, ffmpeg-extra, libav, libav-extra
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | — | — | — | — |
| ffmpeg-extra | — | — | — | — | — |
| libav | — | — | — | — | — |
| libav-extra | — | — | — | — | — |