CVE search results

41 – 50 of 149 results

Detailed view

Sort by:

CVE-2019-13962

Low priority

Some fixes available 2 of 3

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

1 affected packages

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
vlc	Not affected	Not affected	Not affected	Fixed	Vulnerable

CVE-2019-13615

Low priority

Some fixes available 2 of 3

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

2 affected packages

libebml, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libebml	—	—	—	Fixed	Fixed
vlc	—	—	—	Not affected	Not affected

CVE-2019-13602

Medium priority

Some fixes available 2 of 4

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly...

1 affected packages

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
vlc	Not affected	Not affected	Not affected	Fixed	Vulnerable

CVE-2019-12874

Medium priority

Some fixes available 2 of 4

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.

1 affected packages

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
vlc	Not affected	Not affected	Not affected	Fixed	Vulnerable

CVE-2019-5439

Medium priority

Some fixes available 2 of 4

A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.

1 affected packages

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
vlc	Not affected	Not affected	Not affected	Fixed	Vulnerable

CVE-2018-19857

Medium priority

Some fixes available 1 of 3

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to...

1 affected packages

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
vlc	Not affected	Not affected	Not affected	Fixed	Vulnerable

CVE-2018-18829

Medium priority

Needs evaluation

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
vlc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-18828

Medium priority

Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
vlc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-18827

Medium priority

Needs evaluation

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
vlc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-18826

Medium priority

Needs evaluation

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

5 affected packages

ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ffmpeg	Not affected	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libav	Not in release	Not in release	Not in release	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
vlc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports