Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 53 results


CVE-2021-32278

Medium priority

Some fixes available 4 of 16

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.

3 affected packages

faad2, welle.io, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
faad2 Not affected Not affected Fixed Fixed Fixed
welle.io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
xine-lib Not in release Not in release Not in release Not in release Ignored
Show less packages

CVE-2021-32277

Medium priority

Some fixes available 4 of 16

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.

3 affected packages

faad2, welle.io, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
faad2 Not affected Not affected Fixed Fixed Fixed
welle.io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
xine-lib Not in release Not in release Not in release Not in release Ignored
Show less packages

CVE-2021-32276

Medium priority

Some fixes available 4 of 16

An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.

3 affected packages

faad2, welle.io, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
faad2 Not affected Not affected Fixed Fixed Fixed
welle.io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
xine-lib Not in release Not in release Not in release Not in release Ignored
Show less packages

CVE-2021-32274

Medium priority

Some fixes available 4 of 16

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.

3 affected packages

faad2, welle.io, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
faad2 Not affected Not affected Fixed Fixed Fixed
welle.io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
xine-lib Not in release Not in release Not in release Not in release Ignored
Show less packages

CVE-2021-32273

Medium priority

Some fixes available 4 of 16

An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.

3 affected packages

faad2, welle.io, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
faad2 Not affected Not affected Fixed Fixed Fixed
welle.io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
xine-lib Not in release Not in release Not in release Not in release Ignored
Show less packages

CVE-2021-32272

Medium priority

Some fixes available 4 of 16

An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

3 affected packages

faad2, welle.io, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
faad2 Not affected Not affected Fixed Fixed Fixed
welle.io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
xine-lib Not in release Not in release Not in release Not in release Ignored
Show less packages

CVE-2018-13304

Medium priority
Needs evaluation

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a...

13 affected packages

chromium-browser, dvbcut, ffmpeg, gst-libav1.0, gstreamer0.10-ffmpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Ignored Ignored Ignored Ignored Ignored
dvbcut Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ffmpeg Not affected Not affected Not affected Not affected Not affected
gst-libav1.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gstreamer0.10-ffmpeg Not in release Not in release Not in release Not in release Not in release
kino Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libav Not in release Not in release Not in release Not in release Not in release
mplayer Not affected Not affected Not affected Not affected Not affected
mythtv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
oxide-qt Not in release Not in release Not in release Not in release Ignored
vice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vlc Not affected Not affected Not affected Not affected Not affected
xine-lib Not in release Not in release Not in release Not in release Not in release
Show all 13 packages Show less packages

CVE-2017-11119

Low priority
Ignored

The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file.

3 affected packages

xbmc, xine-lib, xine-lib-1.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xbmc Not in release Not in release Not in release Not in release
xine-lib Not in release Not in release Not in release Not in release
xine-lib-1.2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2010-2062

Medium priority
Ignored

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers...

3 affected packages

mplayer, vlc, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mplayer
vlc
xine-lib
Show less packages

CVE-2009-1274

Medium priority

Some fixes available 3 of 4

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS...

1 affected packages

xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xine-lib
Show less packages