Vulnerabilities > Libav > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-19 CVE-2019-9720 Classic Buffer Overflow vulnerability in Libav
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
network
libav CWE-120
7.1
2019-09-19 CVE-2019-9719 Out-of-bounds Write vulnerability in Libav
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
network
low complexity
libav CWE-787
8.8
2019-09-19 CVE-2019-9717 Improper Input Validation vulnerability in Libav
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
network
libav CWE-20
7.1
2017-05-18 CVE-2017-9051 NULL Pointer Dereference vulnerability in Libav
libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.
network
low complexity
libav CWE-476
7.5
2016-06-16 CVE-2016-3062 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
network
low complexity
libav ffmpeg debian opensuse CWE-119
8.8