Vulnerabilities > Libav

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2016-8676 NULL Pointer Dereference vulnerability in Libav
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file.
network
libav CWE-476
4.3
2017-02-15 CVE-2016-8675 NULL Pointer Dereference vulnerability in Libav
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
network
libav CWE-476
4.3
2017-02-15 CVE-2016-7499 Divide By Zero vulnerability in Libav 11.7
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
local
low complexity
libav CWE-369
5.5
2017-02-15 CVE-2016-7477 NULL Pointer Dereference vulnerability in Libav 11.7
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file.
network
libav CWE-476
4.3
2017-02-15 CVE-2016-7393 Out-of-bounds Read vulnerability in Libav
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
local
low complexity
libav CWE-125
5.5
2017-02-15 CVE-2016-6832 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav
Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.
local
low complexity
libav CWE-119
5.5
2016-10-07 CVE-2016-7424 NULL Pointer Dereference vulnerability in multiple products
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
local
low complexity
debian libav CWE-476
5.5
2016-06-16 CVE-2016-3062 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
network
low complexity
libav ffmpeg debian opensuse CWE-119
8.8
2016-04-19 CVE-2015-5479 Numeric Errors vulnerability in multiple products
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
network
low complexity
ubuntu libav opensuse CWE-189
6.5
2012-08-20 CVE-2011-4353 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.
network
ffmpeg libav CWE-119
4.3