1127 matches found
CVE-2019-9719
Libav 12.3 contains a stack-based buffer overflow in the subtitle decoder (srt_to_ass in libavcodec/srtdec.c) triggered by crafted Matroska video files; the issue stems from misusing snprintf. Multiple sources (Red Hat, SUSE, Ubuntu, OSV, and others) describe a vulnerability with claims of disput...
CVE-2019-9717
CVE-2019-9717 affects Libav 12.3, specifically the subtitle decoder in libavcodec/srtdec.c (function srt_to_ass). A crafted Matroska video file can cause a denial of service by hogging CPU, due to a complex format argument to sscanf in srt_to_ass. The available documents provide the vulnerability...
CVE-2019-15942
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer...
Libav Number Error Vulnerability
Libav is the Libav team's cross-platform solution for recording and converting audio and video, which includes a libavcodec encoder. A numeric error vulnerability exists in Libav. The vulnerability stems from a networked system or product that does not properly calculate or convert the resulting...
UBUNTU-CVE-2019-14443
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv...
Buffer Over-read
FFmpeg is vulnerable to buffer over-read. The attack is possible because it does not support some of the pixel formats in the function block_cmp of ffmpeg/libavcodec/zmbvenc.c, causing a heap buffer overflow...
CVE-2019-13312
block_cmp in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read...
UBUNTU-CVE-2019-13312
block_cmp in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read...
Heap overflow
block_cmp in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read...
CVE-2019-13312
CVE-2019-13312 affects FFmpeg 4.1.3, where block_cmp() in libavcodec/zmbvenc.c can trigger a heap-based buffer over-read. This is evidenced across multiple advisories (ALT Linux fix 4.2.3-alt1 and Gentoo GLSA 202003-65 recommending upgrading to FFmpeg 4.2.x or newer). Impact per sources is partia...
Debian DLA-1809-1 : libav security update
Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822: The flv_write_packet function in libavformat/flvenc.c in libav did not check for an empty audio packet, leading to an assertion failure. CVE-2019-11338: libavcodec/hevcdec.c...
Heap overflow
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking has a heap-based buffer over-read...
CVE-2017-5984
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking has a heap-based buffer over-read...
UBUNTU-CVE-2017-5984
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking has a heap-based buffer over-read...
CVE-2017-5984
CVE-2017-5984 affects Libav 9.21 (libavcodec) with a heap-based buffer over-read in ff_h264_execute_ref_pic_marking(). Connected sources confirm the vulnerability in Libav/libavcodec and reference a patch (libav.patch 62534) addressing this issue; public advisories list the flaw and its impact. T...