Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

61 – 70 of 150 results


CVE-2018-13301

Low priority
Needs evaluation

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...

10 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, libav...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2018-13300

Medium priority

Some fixes available 14 of 94

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Fixed Fixed Fixed Fixed Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2018-11516

Medium priority
Ignored

The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified...

1 affected packages

vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
vlc Not affected Not affected
Show less packages

CVE-2018-7751

Medium priority

Some fixes available 1 of 54

The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

8 affected packages

ffmpeg, gst-libav1.0, libav, mplayer, mythtv...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg Not affected Not affected Not affected Fixed Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 8 packages Show less packages

CVE-2015-1208

Medium priority
Ignored

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

4 affected packages

ffmpeg, libav, mplayer, vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg Not affected Not affected
libav Not in release Not in release
mplayer Not affected Not affected
vlc Not affected Not affected
Show less packages

CVE-2017-17670

Medium priority
Vulnerable

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a...

1 affected packages

vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
vlc Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2017-17081

Low priority

Some fixes available 1 of 27

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read)...

6 affected packages

chromium-browser, ffmpeg, gst-libav1.0, oxide-qt, qtwebengine-opensource-src, vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Not affected Not affected Not affected Not affected Not affected
ffmpeg Not affected Not affected Not affected Not affected Fixed
gst-libav1.0 Not affected Not affected Not affected Not affected Not affected
oxide-qt Not in release Not in release Not in release Not in release Ignored
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
vlc Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2015-1206

Medium priority

Some fixes available 7 of 18

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.

6 affected packages

chromium-browser, ffmpeg, gst-libav1.0, mythtv, oxide-qt, vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Fixed Fixed
ffmpeg Not affected Not affected
gst-libav1.0 Not affected Not affected
mythtv Not affected Not affected
oxide-qt Not in release Ignored
vlc Not affected Not affected
Show less packages

CVE-2017-10699

Medium priority

Some fixes available 3 of 4

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

1 affected packages

vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
vlc Not affected Fixed
Show less packages

CVE-2017-9301

Medium priority
Vulnerable

plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.

1 affected packages

vlc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
vlc Not affected Not affected Not affected Not affected Vulnerable
Show less packages