libav 12.1

CPE Details

libav 12.1
libav
libav
12.1
2019-07-03
14h09 +00:00
2019-07-03
14h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libav:libav:12.1:*:*:*:*:*:*:*

Informations

Vendor

libav

Product

libav

Version

12.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-9720 2019-09-19 18h37 +00:00 A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
6.5
Medium
CVE-2019-9719 2019-09-19 18h32 +00:00 A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided
8.8
High
CVE-2019-9717 2019-09-19 18h28 +00:00 In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
6.5
Medium
CVE-2018-5766 2018-01-18 06h00 +00:00 In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.
8.8
High
CVE-2018-5684 2018-01-14 01h00 +00:00 In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
8.8
High
CVE-2017-16803 2017-11-13 16h00 +00:00 In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
7.5
High
CVE-2017-11684 2017-07-27 04h00 +00:00 There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
7.5
High
CVE-2017-9987 2017-06-28 04h00 +00:00 There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.