72 matches found
Code injection
DISPUTED An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service application crash, as demonstrated by avconv. This is related to ffmpasynthfilterfloat in avcodec/mpegaudiodsptemplate.c. NOTE: This may be a duplicate of CVE-2018-19129...
Code injection
An issue was discovered in Libav 12.3. Division by zero in rangedecodeculshift in libavcodec/apedec.c allows remote attackers to cause a denial of service application crash, as demonstrated by avconv...
UBUNTU-CVE-2019-14443
An issue was discovered in Libav 12.3. Division by zero in rangedecodeculshift in libavcodec/apedec.c allows remote attackers to cause a denial of service application crash, as demonstrated by avconv...
CVE-2019-14442
In mpc8readheader in libavformat/mpc8.c in Libav 12.3, an input file can result in an avioseek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file...
Design/Logic Flaw
An issue was discovered in Libav 12.3. There is an infinite loop in the function movprobe in the file libavformat/mov.c, related to offset and tag...
Design/Logic Flaw
In Libav 12.3, there is an infinite loop in the function wvreadblockheader in the file wvdec.c...
CVE-2019-14372
In Libav 12.3, there is an infinite loop in the function wvreadblockheader in the file wvdec.c...
Input validation
In Libav 12.3, there is a floating point exception in the rangedecodeculshift function called from rangedecodebits in libavcodec/apedec.c that will lead to remote denial of service via crafted input...
CVE-2018-20001
In Libav 12.3, there is a floating point exception in the rangedecodeculshift function called from rangedecodebits in libavcodec/apedec.c that will lead to remote denial of service via crafted input...
UBUNTU-CVE-2018-20001
In Libav 12.3, there is a floating point exception in the rangedecodeculshift function called from rangedecodebits in libavcodec/apedec.c that will lead to remote denial of service via crafted input...
Libav Floating Point Exception Vulnerability
Libav is an open source audio and video processing tools , providing for conversion , manipulation and streaming of various multimedia formats and protocols cross-platform tools and libraries . A floating-point exception vulnerability exists in the rangedecodeculshift function in...
CVE-2018-19129
In Libav 12.3, a NULL pointer dereference RIP points to zero issue in ffmpasynthfilterfloat in libavcodec/mpegaudiodsptemplate.c can cause a segmentation fault application crash via a crafted mov file...
CVE-2018-19128
In Libav 12.3, there is a heap-based buffer over-read in decodeframe in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file...
CVE-2018-19130
In Libav 12.3, there is an invalid memory access in vc1decodeframe in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127...
Heap overflow
In Libav 12.3, there is a heap-based buffer over-read in decodeframe in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file...
CVE-2018-19128
In Libav 12.3, there is a heap-based buffer over-read in decodeframe in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file...
CVE-2018-19129
In Libav 12.3, a NULL pointer dereference RIP points to zero issue in ffmpasynthfilterfloat in libavcodec/mpegaudiodsptemplate.c can cause a segmentation fault application crash via a crafted mov file...
Heap overflow
There exists a heap-based buffer over-read in ffvc1preddc in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...
CVE-2018-18828
There exists a heap-based buffer overflow in vc1decodeiblockadv in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...
Heap overflow
There exists a heap-based buffer overflow in vc1decodeiblockadv in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...