Search CVE reports


Toggle filters

1 – 10 of 13 results


CVE-2018-13304

Medium priority
Needs evaluation

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a...

13 affected packages

chromium-browser, dvbcut, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
dvbcut Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
xine-lib Not in release Not in release Not in release Not in release Not in release
Show all 13 packages Show less packages

CVE-2018-13303

Low priority
Needs evaluation

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2018-13302

Medium priority

Some fixes available 15 of 95

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Fixed Fixed Fixed Fixed Fixed
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2018-13301

Low priority
Needs evaluation

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...

10 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, libav...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2018-13300

Medium priority

Some fixes available 14 of 94

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Fixed Fixed Fixed Fixed Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2015-1872

Low priority

Some fixes available 1 of 25

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of...

4 affected packages

gst-libav1.0, gstreamer0.10-ffmpeg, kino, libav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gst-libav1.0 Not affected Not affected Not affected Not affected Not affected
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Vulnerable Vulnerable Vulnerable Vulnerable
libav Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2012-6617

Medium priority
Needs evaluation

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

10 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Not affected Not affected
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Not affected Not affected Not affected Not affected
libav Not in release Not in release Not in release Not in release Not in release
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 10 packages Show less packages

CVE-2009-0385

Medium priority

Some fixes available 4 of 24

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value,...

7 affected packages

ffmpeg, ffmpeg-debian, gstreamer0.10-ffmpeg, kino, motion...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg
ffmpeg-debian
gstreamer0.10-ffmpeg
kino
motion
mplayer
smilutils
Show all 7 packages Show less packages

CVE-2008-4868

Low priority
Ignored

Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."

6 affected packages

ffmpeg, ffmpeg-debian, gstreamer0.10-ffmpeg, kino, mplayer, xmovie

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg
ffmpeg-debian
gstreamer0.10-ffmpeg
kino
mplayer
xmovie
Show less packages

CVE-2008-4867

Low priority

Some fixes available 3 of 14

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

6 affected packages

ffmpeg, ffmpeg-debian, gstreamer0.10-ffmpeg, kino, mplayer, xmovie

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg
ffmpeg-debian
gstreamer0.10-ffmpeg
kino
mplayer
xmovie
Show less packages