libav 12.1

CPE Details

libav 12.1
12.1
2019-07-03
14h09 +00:00
2019-07-03
14h09 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libav:libav:12.1:*:*:*:*:*:*:*

Informations

Vendor

libav

Product

libav

Version

12.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-9720 2019-09-19 18h37 +00:00 A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
6.5
Medium
CVE-2019-9719 2019-09-19 18h32 +00:00 A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided
8.8
High
CVE-2019-9717 2019-09-19 18h28 +00:00 In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
6.5
Medium
CVE-2018-5766 2018-01-18 06h00 +00:00 In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.
8.8
High
CVE-2018-5684 2018-01-14 01h00 +00:00 In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
8.8
High
CVE-2017-16803 2017-11-13 16h00 +00:00 In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
7.5
High
CVE-2017-11684 2017-07-27 04h00 +00:00 There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
7.5
High
CVE-2017-9987 2017-06-28 04h00 +00:00 There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.
7.5
High