Search CVE reports
1 – 10 of 11 results
CVE-2018-13305
Medium priorityIn FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4,...
7 affected packages
chromium-browser, ffmpeg, gst-libav1.0, libav, mythtv...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13304
Medium priorityIn libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a...
13 affected packages
chromium-browser, dvbcut, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
dvbcut | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
xine-lib | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2018-13303
Low priorityIn FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13302
Medium prioritySome fixes available 14 of 90
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Fixed | Fixed | Fixed | Fixed | Fixed |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13301
Low priorityIn FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, libav...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13300
Medium prioritySome fixes available 13 of 89
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Fixed | Fixed | Fixed | Fixed | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-7751
Medium prioritySome fixes available 1 of 51
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
8 affected packages
ffmpeg, gst-libav1.0, libav, mplayer, mythtv...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Not affected | Not affected | Not affected | Fixed | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2015-1206
Medium prioritySome fixes available 7 of 18
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
6 affected packages
chromium-browser, ffmpeg, gst-libav1.0, mythtv, oxide-qt, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | Fixed | Fixed |
ffmpeg | — | — | — | Not affected | Not affected |
gst-libav1.0 | — | — | — | Not affected | Not affected |
mythtv | — | — | — | Not affected | Not affected |
oxide-qt | — | — | — | Not in release | Ignored |
vlc | — | — | — | Not affected | Not affected |
CVE-2012-6617
Medium priorityThe prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Not affected | Not affected | Not affected | Not affected |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2012-6616
Medium priorityThe mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
8 affected packages
chromium-browser, ffmpeg, gst-libav1.0, libav, mythtv...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |