Vulnerabilities > Libav > Libav > 0.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2014-4609 | Integer Overflow or Wraparound vulnerability in Libav Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. | 6.8 |
| 2019-09-19 | CVE-2019-9720 | Classic Buffer Overflow vulnerability in Libav A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. | 7.1 |
| 2019-09-19 | CVE-2019-9719 | Out-of-bounds Write vulnerability in Libav A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. | 8.8 |
| 2019-09-19 | CVE-2019-9717 | Improper Input Validation vulnerability in Libav In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. | 7.1 |
| 2018-01-18 | CVE-2018-5766 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. | 6.8 |
| 2018-01-14 | CVE-2018-5684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. | 6.8 |
| 2017-11-13 | CVE-2017-16803 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream. | 5.0 |
| 2017-05-18 | CVE-2017-9051 | NULL Pointer Dereference vulnerability in Libav libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. | 7.5 |
| 2017-02-15 | CVE-2016-8676 | NULL Pointer Dereference vulnerability in Libav The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. | 4.3 |
| 2017-02-15 | CVE-2016-8675 | NULL Pointer Dereference vulnerability in Libav The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection. | 4.3 |