Search CVE reports
51 – 60 of 153 results
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, kino, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| libav | Not in release | Not in release | Not in release | Not in release |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 16 of 82
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...
10 affected packages
chromium-browser, ffmpeg, gst-libav1.0, kino, mythtv...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...
9 affected packages
chromium-browser, libav, gstreamer0.10-ffmpeg, vlc, gst-libav1.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| libav | Not in release | Not in release | Not in release | Not in release |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| vlc | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 81
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...
10 affected packages
chromium-browser, ffmpeg, gstreamer0.10-ffmpeg, mplayer, vlc...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Ignored | Ignored | Not in release | Ignored |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| gstreamer0.10-ffmpeg | Not in release | Not in release | Not in release | Not in release |
| mplayer | Not affected | Not affected | Not affected | Not affected |
| vlc | Not affected | Not affected | Not affected | Not affected |
| kino | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| mythtv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | Not in release | Not in release |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
Some fixes available 2 of 3
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | — | Not affected | Not affected | Not affected |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified...
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | — | — | — | Not affected |
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 3 of 4
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | — | — | — | — |
Some fixes available 3 of 4
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | — | — | — | — |
Some fixes available 3 of 4
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
1 affected package
vlc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vlc | — | — | — | — |