Search CVE reports
1 – 10 of 13 results
CVE-2018-13304
Medium priorityIn libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a...
13 affected packages
chromium-browser, dvbcut, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
dvbcut | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
xine-lib | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2018-13303
Low priorityIn FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13302
Medium prioritySome fixes available 15 of 95
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Fixed | Fixed | Fixed | Fixed | Fixed |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13301
Low priorityIn FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, libav...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-13300
Medium prioritySome fixes available 14 of 94
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...
11 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Ignored | Ignored | Ignored | Ignored | Ignored |
ffmpeg | Fixed | Fixed | Fixed | Fixed | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mplayer | Not affected | Not affected | Not affected | Not affected | Not affected |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Ignored |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2015-1872
Low prioritySome fixes available 1 of 25
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of...
4 affected packages
gst-libav1.0, gstreamer0.10-ffmpeg, kino, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gst-libav1.0 | Not affected | Not affected | Not affected | Not affected | Not affected |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2012-6617
Medium priorityThe prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
kino | Not in release | Not affected | Not affected | Not affected | Not affected |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
vice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2009-0385
Medium prioritySome fixes available 4 of 24
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value,...
7 affected packages
ffmpeg, ffmpeg-debian, gstreamer0.10-ffmpeg, kino, motion...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | — | — |
ffmpeg-debian | — | — | — | — | — |
gstreamer0.10-ffmpeg | — | — | — | — | — |
kino | — | — | — | — | — |
motion | — | — | — | — | — |
mplayer | — | — | — | — | — |
smilutils | — | — | — | — | — |
CVE-2008-4868
Low priorityUnspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."
6 affected packages
ffmpeg, ffmpeg-debian, gstreamer0.10-ffmpeg, kino, mplayer, xmovie
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | — | — |
ffmpeg-debian | — | — | — | — | — |
gstreamer0.10-ffmpeg | — | — | — | — | — |
kino | — | — | — | — | — |
mplayer | — | — | — | — | — |
xmovie | — | — | — | — | — |
CVE-2008-4867
Low prioritySome fixes available 3 of 14
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.
6 affected packages
ffmpeg, ffmpeg-debian, gstreamer0.10-ffmpeg, kino, mplayer, xmovie
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | — | — | — | — | — |
ffmpeg-debian | — | — | — | — | — |
gstreamer0.10-ffmpeg | — | — | — | — | — |
kino | — | — | — | — | — |
mplayer | — | — | — | — | — |
xmovie | — | — | — | — | — |