Vulnerabilities > Libav > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-14 CVE-2014-4609 Integer Overflow or Wraparound vulnerability in Libav
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.
network
low complexity
libav CWE-190
8.8
2019-09-19 CVE-2019-9719 Out-of-bounds Write vulnerability in Libav
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
network
low complexity
libav CWE-787
8.8
2018-05-15 CVE-2018-11102 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.3
An issue was discovered in Libav 12.3.
network
low complexity
libav CWE-119
7.5
2018-01-18 CVE-2018-5766 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c.
network
low complexity
libav CWE-119
8.8
2018-01-14 CVE-2018-5684 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c.
network
low complexity
libav CWE-119
8.8
2017-12-04 CVE-2017-17130 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.2
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.
network
low complexity
libav CWE-119
8.8
2017-12-04 CVE-2017-17129 NULL Pointer Dereference vulnerability in Libav 12.2
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
network
low complexity
libav CWE-476
8.8
2017-11-13 CVE-2017-16803 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
network
low complexity
libav CWE-119
7.5
2017-07-27 CVE-2017-11684 Unspecified vulnerability in Libav 12.1
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
network
low complexity
libav
7.5
2017-06-28 CVE-2017-9987 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.1
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1.
network
low complexity
libav CWE-119
7.5