Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

51 – 60 of 297 results


CVE-2018-14394

Low priority

Some fixes available 11 of 13

libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

2 affected packages

ffmpeg, libav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg Fixed Fixed Fixed Fixed Fixed
libav Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-13305

Medium priority
Needs evaluation

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4,...

7 affected packages

chromium-browser, ffmpeg, gst-libav1.0, libav, mythtv...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vlc Not affected Not affected Not affected Not affected Not affected
Show all 7 packages Show less packages

CVE-2018-13304

Medium priority
Needs evaluation

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a...

13 affected packages

chromium-browser, dvbcut, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
dvbcut Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
xine-lib Not in release Not in release Not in release Not in release Not in release
Show all 13 packages Show less packages

CVE-2018-13303

Low priority
Needs evaluation

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4,...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2018-13302

Medium priority

Some fixes available 15 of 95

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Fixed Fixed Fixed Fixed Fixed
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2018-13301

Low priority
Needs evaluation

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to...

10 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, libav...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2018-13300

Medium priority

Some fixes available 14 of 94

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI...

11 affected packages

chromium-browser, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg, kino...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
ffmpeg Fixed Fixed Fixed Fixed Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 11 packages Show less packages

CVE-2018-11224

Low priority
Vulnerable

An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

1 affected packages

libav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libav Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-11102

Low priority
Vulnerable

An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

1 affected packages

libav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libav Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-7751

Medium priority

Some fixes available 1 of 54

The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

8 affected packages

ffmpeg, gst-libav1.0, libav, mplayer, mythtv...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ffmpeg Not affected Not affected Not affected Fixed Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
Show all 8 packages Show less packages