VulnerableCode Package Details - pkg:deb/debian/libav@6:0.8.17-2

Search for packages

Package details: pkg:deb/debian/libav@6:0.8.17-2

Essentials
History (69)

purl	pkg:deb/debian/libav@6:0.8.17-2

Next non-vulnerable version	6:11.12-1~deb8u1
Latest non-vulnerable version	6:11.12-1~deb8u1
Risk	4.4

Vulnerabilities affecting this package (17)

Vulnerability	Summary	Fixed by
VCID-2ntm-6576-aaak Aliases: CVE-2016-1897	FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-61uw-6nqp-aaan Aliases: CVE-2016-2326	Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-9qcr-482k-aaan Aliases: CVE-2017-9992	Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-9qxa-qwwt-aaag Aliases: CVE-2017-7862	FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-a4jg-f4bk-aaaq Aliases: CVE-2016-9822	Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-eg6q-kekn-aaas Aliases: CVE-2015-3395	The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-faq5-mh21-aaac Aliases: CVE-2016-7424	The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-fz3u-p7uk-aaag Aliases: CVE-2017-16803	In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-mbzc-hcxh-aaac Aliases: CVE-2015-8365	The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-nzbg-638u-aaan Aliases: DSA-2947-1 libav	security update	6:11.3-1 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nzwm-xwz1-aaaj Aliases: CVE-2013-7020	The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.	6:11.3-1 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ptdp-2cht-aaaf Aliases: CVE-2016-9821	Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-py3m-gyc5-aaab Aliases: CVE-2016-1898	FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-sg74-9vdh-aaac Aliases: CVE-2014-4609	Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.	6:11.3-1 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-spc4-d37x-aaap Aliases: CVE-2017-7208	The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-xuwj-zjbq-aaag Aliases: CVE-2016-3062	The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.
VCID-zcsn-wgfp-aaak Aliases: CVE-2015-3417	Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.	6:11.12-1~deb8u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T10:12:26.935401+00:00	Debian Oval Importer	Affected by	VCID-faq5-mh21-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T10:03:59.978710+00:00	Debian Oval Importer	Affected by	VCID-mbzc-hcxh-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T10:03:22.558091+00:00	Debian Oval Importer	Affected by	VCID-ptdp-2cht-aaaf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:57:24.229794+00:00	Debian Oval Importer	Affected by	VCID-a4jg-f4bk-aaaq	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:56:46.185271+00:00	Debian Oval Importer	Affected by	VCID-2ntm-6576-aaak	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:56:19.972212+00:00	Debian Oval Importer	Affected by	VCID-py3m-gyc5-aaab	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:51:17.696510+00:00	Debian Oval Importer	Affected by	VCID-spc4-d37x-aaap	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:50:04.981485+00:00	Debian Oval Importer	Affected by	VCID-zcsn-wgfp-aaak	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:48:32.372614+00:00	Debian Oval Importer	Affected by	VCID-eg6q-kekn-aaas	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:46:26.339963+00:00	Debian Oval Importer	Affected by	VCID-fz3u-p7uk-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:45:19.870048+00:00	Debian Oval Importer	Affected by	VCID-9qcr-482k-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:45:15.674360+00:00	Debian Oval Importer	Affected by	VCID-xuwj-zjbq-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:41:13.735527+00:00	Debian Oval Importer	Affected by	VCID-61uw-6nqp-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:36:41.703895+00:00	Debian Oval Importer	Affected by	VCID-9qxa-qwwt-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-20T19:51:36.853254+00:00	Debian Oval Importer	Affected by	VCID-mbzc-hcxh-aaac	None	36.1.3
2025-06-20T19:51:34.803957+00:00	Debian Oval Importer	Affected by	VCID-fz3u-p7uk-aaag	None	36.1.3
2025-06-20T19:51:23.425895+00:00	Debian Oval Importer	Affected by	VCID-sg74-9vdh-aaac	None	36.1.3
2025-06-20T19:51:22.772158+00:00	Debian Oval Importer	Affected by	VCID-eg6q-kekn-aaas	None	36.1.3
2025-06-20T19:47:52.160420+00:00	Debian Oval Importer	Affected by	VCID-nzwm-xwz1-aaaj	None	36.1.3
2025-06-20T19:44:19.347862+00:00	Debian Oval Importer	Affected by	VCID-faq5-mh21-aaac	None	36.1.3
2025-06-20T19:42:43.840392+00:00	Debian Oval Importer	Affected by	VCID-nzbg-638u-aaan	None	36.1.3
2025-06-20T19:41:40.773343+00:00	Debian Oval Importer	Affected by	VCID-ptdp-2cht-aaaf	None	36.1.3
2025-06-20T19:36:13.196293+00:00	Debian Oval Importer	Affected by	VCID-xuwj-zjbq-aaag	None	36.1.3
2025-06-08T04:01:25.058906+00:00	Debian Oval Importer	Affected by	VCID-faq5-mh21-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:53:07.371516+00:00	Debian Oval Importer	Affected by	VCID-mbzc-hcxh-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:52:31.983359+00:00	Debian Oval Importer	Affected by	VCID-ptdp-2cht-aaaf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:46:23.276731+00:00	Debian Oval Importer	Affected by	VCID-a4jg-f4bk-aaaq	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:45:43.863151+00:00	Debian Oval Importer	Affected by	VCID-2ntm-6576-aaak	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:45:15.790508+00:00	Debian Oval Importer	Affected by	VCID-py3m-gyc5-aaab	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:39:57.341814+00:00	Debian Oval Importer	Affected by	VCID-spc4-d37x-aaap	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:38:45.257233+00:00	Debian Oval Importer	Affected by	VCID-zcsn-wgfp-aaak	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:37:13.260619+00:00	Debian Oval Importer	Affected by	VCID-eg6q-kekn-aaas	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:35:09.586029+00:00	Debian Oval Importer	Affected by	VCID-fz3u-p7uk-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:34:02.414133+00:00	Debian Oval Importer	Affected by	VCID-9qcr-482k-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:33:57.479536+00:00	Debian Oval Importer	Affected by	VCID-xuwj-zjbq-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:29:54.986023+00:00	Debian Oval Importer	Affected by	VCID-61uw-6nqp-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:25:19.438140+00:00	Debian Oval Importer	Affected by	VCID-9qxa-qwwt-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T13:43:01.501980+00:00	Debian Oval Importer	Affected by	VCID-mbzc-hcxh-aaac	None	36.1.0
2025-06-07T13:42:59.277622+00:00	Debian Oval Importer	Affected by	VCID-fz3u-p7uk-aaag	None	36.1.0
2025-06-07T13:42:47.987236+00:00	Debian Oval Importer	Affected by	VCID-sg74-9vdh-aaac	None	36.1.0
2025-06-07T13:42:47.285678+00:00	Debian Oval Importer	Affected by	VCID-eg6q-kekn-aaas	None	36.1.0
2025-06-07T13:39:57.844367+00:00	Debian Oval Importer	Affected by	VCID-nzwm-xwz1-aaaj	None	36.1.0
2025-06-07T13:37:01.408140+00:00	Debian Oval Importer	Affected by	VCID-faq5-mh21-aaac	None	36.1.0
2025-06-07T13:35:30.440996+00:00	Debian Oval Importer	Affected by	VCID-nzbg-638u-aaan	None	36.1.0
2025-06-07T13:35:09.731398+00:00	Debian Oval Importer	Affected by	VCID-ptdp-2cht-aaaf	None	36.1.0
2025-06-07T13:31:24.298953+00:00	Debian Oval Importer	Affected by	VCID-xuwj-zjbq-aaag	None	36.1.0
2025-04-08T02:29:42.816399+00:00	Debian Oval Importer	Affected by	VCID-faq5-mh21-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:20:58.887149+00:00	Debian Oval Importer	Affected by	VCID-mbzc-hcxh-aaac	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:20:23.352478+00:00	Debian Oval Importer	Affected by	VCID-ptdp-2cht-aaaf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:14:13.285199+00:00	Debian Oval Importer	Affected by	VCID-a4jg-f4bk-aaaq	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:13:32.855255+00:00	Debian Oval Importer	Affected by	VCID-2ntm-6576-aaak	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:13:00.995254+00:00	Debian Oval Importer	Affected by	VCID-py3m-gyc5-aaab	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:07:46.253552+00:00	Debian Oval Importer	Affected by	VCID-spc4-d37x-aaap	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:06:31.725742+00:00	Debian Oval Importer	Affected by	VCID-zcsn-wgfp-aaak	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:04:54.633552+00:00	Debian Oval Importer	Affected by	VCID-eg6q-kekn-aaas	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:02:44.234818+00:00	Debian Oval Importer	Affected by	VCID-fz3u-p7uk-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:01:33.762017+00:00	Debian Oval Importer	Affected by	VCID-9qcr-482k-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:01:29.271854+00:00	Debian Oval Importer	Affected by	VCID-xuwj-zjbq-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T01:57:23.526852+00:00	Debian Oval Importer	Affected by	VCID-61uw-6nqp-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T01:52:41.879408+00:00	Debian Oval Importer	Affected by	VCID-9qxa-qwwt-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T12:18:19.948069+00:00	Debian Oval Importer	Affected by	VCID-mbzc-hcxh-aaac	None	36.0.0
2025-04-07T12:18:17.871215+00:00	Debian Oval Importer	Affected by	VCID-fz3u-p7uk-aaag	None	36.0.0
2025-04-07T12:18:06.792190+00:00	Debian Oval Importer	Affected by	VCID-sg74-9vdh-aaac	None	36.0.0
2025-04-07T12:18:06.098994+00:00	Debian Oval Importer	Affected by	VCID-eg6q-kekn-aaas	None	36.0.0
2025-04-07T12:15:19.700163+00:00	Debian Oval Importer	Affected by	VCID-nzwm-xwz1-aaaj	None	36.0.0
2025-04-07T12:12:26.963207+00:00	Debian Oval Importer	Affected by	VCID-faq5-mh21-aaac	None	36.0.0
2025-04-07T12:10:57.277844+00:00	Debian Oval Importer	Affected by	VCID-nzbg-638u-aaan	None	36.0.0
2025-04-07T12:10:35.216764+00:00	Debian Oval Importer	Affected by	VCID-ptdp-2cht-aaaf	None	36.0.0
2025-04-07T12:06:49.478596+00:00	Debian Oval Importer	Affected by	VCID-xuwj-zjbq-aaag	None	36.0.0