Search CVE reports
61 – 70 of 153 results
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, kino, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| libav | Not in release | Not in release | Not in release | Not in release |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 17 of 86
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, kino, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...
9 affected packages
chromium-browser, libav, gstreamer0.10-ffmpeg, vlc, gst-libav1.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| libav | Not in release | Not in release | Not in release | Not in release |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
Some fixes available 16 of 85
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...
10 affected packages
chromium-browser, ffmpeg, gstreamer0.10-ffmpeg, mplayer, vlc...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| vlc | Not affected | Not affected | Not affected | Not affected |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified...
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | — | — | — | Not affected |
Some fixes available 1 of 42
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
7 affected packages
gst-libav1.0, mythtv, ffmpeg, libav, mplayer...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Fixed |
| libav | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
4 affected packages
ffmpeg, libav, mplayer, vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ffmpeg | — | — | — | Not affected |
| libav | — | — | — | Not in release |
| mplayer | — | — | — | Not affected |
| vlc | — | — | — | Not affected |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a...
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 29
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read)...
6 affected packages
chromium-browser, ffmpeg, qtwebengine-opensource-src, gst-libav1.0, oxide-qt, vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not in release | Not affected |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gst-libav1.0 | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 7 of 18
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
6 affected packages
ffmpeg, chromium-browser, gst-libav1.0, mythtv, oxide-qt, vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ffmpeg | — | — | — | Not affected |
| chromium-browser | — | — | — | Fixed |
| gst-libav1.0 | — | — | — | Not affected |
| mythtv | — | — | — | Not affected |
| oxide-qt | — | — | — | Not in release |
| vlc | — | — | — | Not affected |