Vulnerabilities > Libav > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-23 CVE-2017-18247 NULL Pointer Dereference vulnerability in Libav 12.2
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.
network
low complexity
libav CWE-476
6.5
2018-03-23 CVE-2017-18246 Out-of-bounds Read vulnerability in Libav 12.2
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.
network
low complexity
libav CWE-125
6.5
2018-03-23 CVE-2017-18245 Out-of-bounds Read vulnerability in Libav 12.2
The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.
network
low complexity
libav CWE-125
6.5
2018-03-22 CVE-2017-18244 Out-of-bounds Read vulnerability in Libav 12.2
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.
network
low complexity
libav CWE-125
6.5
2018-03-22 CVE-2017-18243 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.2
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.
network
low complexity
libav CWE-119
6.5
2018-03-22 CVE-2017-18242 Out-of-bounds Read vulnerability in Libav 12.2
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.
network
low complexity
libav CWE-125
6.5
2018-01-03 CVE-2017-1000460 NULL Pointer Dereference vulnerability in multiple products
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
network
low complexity
libav ffmpeg google CWE-476
6.5
2017-12-04 CVE-2017-17128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.2
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.
network
low complexity
libav CWE-119
6.5
2017-12-04 CVE-2017-17127 NULL Pointer Dereference vulnerability in Libav 12.2
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
network
low complexity
libav CWE-476
6.5
2017-03-01 CVE-2016-9826 Numeric Errors vulnerability in Libav 11.8
libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
local
low complexity
libav CWE-189
5.5