Search for packages
| purl | pkg:deb/ubuntu/ffmpeg@3:0.cvs20050121-1ubuntu1.1 |
| Next non-vulnerable version | 7:4.2.4-1ubuntu0.1 |
| Latest non-vulnerable version | 7:4.2.4-1ubuntu0.1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-14m2-nkuw-aaad
Aliases: CVE-2018-1999011 |
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. |
Affected by 8 other vulnerabilities. |
|
VCID-15et-tcvg-aaab
Aliases: CVE-2016-5199 |
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
Affected by 70 other vulnerabilities. |
|
VCID-1a7h-7u36-aaab
Aliases: CVE-2015-8216 |
The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
Affected by 103 other vulnerabilities. |
|
VCID-1jb1-3cuz-aaak
Aliases: CVE-2015-6823 |
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. |
Affected by 103 other vulnerabilities. |
|
VCID-1q1z-tvdv-aaad
Aliases: CVE-2017-9996 |
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 56 other vulnerabilities. |
|
VCID-2752-ce5b-aaar
Aliases: CVE-2015-6761 |
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. |
Affected by 103 other vulnerabilities. |
|
VCID-29r4-djrj-aaaa
Aliases: CVE-2017-7866 |
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. |
Affected by 90 other vulnerabilities. |
|
VCID-2mf8-732n-aaad
Aliases: CVE-2017-9993 |
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. |
Affected by 56 other vulnerabilities. |
|
VCID-2ntm-6576-aaak
Aliases: CVE-2016-1897 |
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. |
Affected by 94 other vulnerabilities. |
|
VCID-2ut6-x9bk-aaas
Aliases: CVE-2014-8543 |
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. |
Affected by 120 other vulnerabilities. |
|
VCID-3m7x-ghyy-aaas
Aliases: CVE-2017-17081 |
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. |
Affected by 33 other vulnerabilities. |
|
VCID-3tb5-cz2m-aaad
Aliases: CVE-2014-8544 |
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. |
Affected by 120 other vulnerabilities. |
|
VCID-3vah-a89g-aaap
Aliases: CVE-2012-2805 |
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. |
Affected by 83 other vulnerabilities. |
|
VCID-3zxj-ern9-aaad
Aliases: CVE-2016-2330 |
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. |
Affected by 94 other vulnerabilities. |
|
VCID-4ecp-dfmd-aaah
Aliases: CVE-2016-7785 |
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
Affected by 72 other vulnerabilities. |
|
VCID-4kfh-pqwk-aaam
Aliases: CVE-2020-12284 |
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. |
Affected by 0 other vulnerabilities. |
|
VCID-4n1q-khpd-aaaf
Aliases: CVE-2018-1999015 |
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. |
Affected by 8 other vulnerabilities. |
|
VCID-4pjh-7ahs-aaak
Aliases: CVE-2019-9718 |
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
Affected by 23 other vulnerabilities. |
|
VCID-586c-hyzz-aaag
Aliases: CVE-2017-9608 |
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. |
Affected by 35 other vulnerabilities. |
|
VCID-5dqy-j63p-aaaf
Aliases: CVE-2015-6826 |
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. |
Affected by 103 other vulnerabilities. |
|
VCID-5q5c-26r2-aaad
Aliases: CVE-2016-9561 |
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
Affected by 64 other vulnerabilities. |
|
VCID-5z9u-cphw-aaaq
Aliases: CVE-2015-8363 |
The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. |
Affected by 103 other vulnerabilities. |
|
VCID-61uw-6nqp-aaan
Aliases: CVE-2016-2326 |
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. |
Affected by 94 other vulnerabilities. |
|
VCID-6jax-8p9w-aaaq
Aliases: CVE-2018-14394 |
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
Affected by 25 other vulnerabilities. |
|
VCID-6w2t-jdhk-aaak
Aliases: CVE-2018-1999013 |
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. |
Affected by 16 other vulnerabilities. |
|
VCID-74nt-rjfe-aaac
Aliases: CVE-2017-9051 |
libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. |
Affected by 61 other vulnerabilities. |
|
VCID-7dn2-r1a7-aaae
Aliases: CVE-2017-14170 |
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. |
Affected by 42 other vulnerabilities. |
|
VCID-7kq9-msvh-aaar
Aliases: CVE-2015-1208 |
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. |
Affected by 83 other vulnerabilities. |
|
VCID-7mj8-x82v-aaak
Aliases: CVE-2016-7502 |
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. |
Affected by 72 other vulnerabilities. |
|
VCID-8kjy-bqd6-aaaf
Aliases: CVE-2015-6822 |
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. |
Affected by 103 other vulnerabilities. |
|
VCID-8rdd-jbf1-aaap
Aliases: CVE-2016-7562 |
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. |
Affected by 72 other vulnerabilities. |
|
VCID-8u2m-qhwh-aaaf
Aliases: CVE-2017-14169 |
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. |
Affected by 42 other vulnerabilities. |
|
VCID-9aua-7ce1-aaap
Aliases: CVE-2019-13390 |
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. |
Affected by 3 other vulnerabilities. |
|
VCID-9dtm-1g33-aaaf
Aliases: CVE-2012-2771 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. |
Affected by 83 other vulnerabilities. |
|
VCID-9q4u-vc5g-aaac
Aliases: CVE-2014-8547 |
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. |
Affected by 120 other vulnerabilities. |
|
VCID-9qcr-482k-aaan
Aliases: CVE-2017-9992 |
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 56 other vulnerabilities. |
|
VCID-9qxa-qwwt-aaag
Aliases: CVE-2017-7862 |
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. |
Affected by 62 other vulnerabilities. |
|
VCID-9t3p-he4d-aaaq
Aliases: CVE-2014-9676 |
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. |
Affected by 120 other vulnerabilities. |
|
VCID-9z3v-fyrt-aaab
Aliases: CVE-2014-8542 |
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. |
Affected by 120 other vulnerabilities. |
|
VCID-b4ay-xbyg-aaaa
Aliases: CVE-2017-5024 |
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
Affected by 64 other vulnerabilities. |
|
VCID-b6gm-xpgj-aaag
Aliases: CVE-2017-5025 |
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
Affected by 64 other vulnerabilities. |
|
VCID-bcq9-t15m-aaaj
Aliases: CVE-2018-6392 |
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. |
Affected by 32 other vulnerabilities. |
|
VCID-bh3j-qqba-aaah
Aliases: CVE-2017-11665 |
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. |
Affected by 35 other vulnerabilities. |
|
VCID-bqba-t4n4-aaaa
Aliases: CVE-2018-1999012 |
FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. |
Affected by 16 other vulnerabilities. |
|
VCID-bvky-9hes-aaas
Aliases: CVE-2012-2780 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. |
Affected by 83 other vulnerabilities. |
|
VCID-bwy7-r3zn-aaaq
Aliases: CVE-2012-2778 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. |
Affected by 83 other vulnerabilities. |
|
VCID-bzw7-6zte-aaap
Aliases: CVE-2017-14057 |
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. |
Affected by 42 other vulnerabilities. |
|
VCID-cbs9-ghtb-aaad
Aliases: CVE-2018-13303 |
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 16 other vulnerabilities. |
|
VCID-cbxw-vtb2-aaaa
Aliases: CVE-2017-9994 |
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
Affected by 56 other vulnerabilities. |
|
VCID-cckq-n19n-aaaf
Aliases: CVE-2015-6824 |
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. |
Affected by 103 other vulnerabilities. |
|
VCID-d2km-vkr1-aaaa
Aliases: CVE-2017-11684 |
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. |
Affected by 82 other vulnerabilities. |
|
VCID-dz27-wtfq-aaas
Aliases: CVE-2017-14223 |
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-eg6q-kekn-aaas
Aliases: CVE-2015-3395 |
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. |
Affected by 103 other vulnerabilities. |
|
VCID-emyq-4jsu-aaaf
Aliases: CVE-2018-14395 |
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. |
Affected by 25 other vulnerabilities. |
|
VCID-eq24-xw48-aaak
Aliases: CVE-2017-7865 |
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. |
Affected by 90 other vulnerabilities. |
|
VCID-eryp-xht1-aaaj
Aliases: CVE-2016-10192 |
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. |
Affected by 67 other vulnerabilities. |
|
VCID-esrt-7v6p-aaam
Aliases: CVE-2014-8545 |
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. |
Affected by 120 other vulnerabilities. |
|
VCID-ew2u-jpnp-aaar
Aliases: CVE-2016-7555 |
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
Affected by 72 other vulnerabilities. |
|
VCID-fgfq-kanq-aaad
Aliases: CVE-2016-10190 |
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
Affected by 67 other vulnerabilities. |
|
VCID-fnav-hxbn-aaae
Aliases: CVE-2018-6621 |
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. |
Affected by 31 other vulnerabilities. |
|
VCID-futc-s8u6-aaah
Aliases: CVE-2017-14767 |
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. |
Affected by 35 other vulnerabilities. |
|
VCID-fwv9-gp8j-aaah
Aliases: CVE-2018-15822 |
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. |
Affected by 12 other vulnerabilities. |
|
VCID-g5e6-nvsq-aaaj
Aliases: CVE-2017-15672 |
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. |
Affected by 35 other vulnerabilities. |
|
VCID-g8n8-s1a4-aaaf
Aliases: CVE-2017-14222 |
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-gj7w-e6y9-aaap
Aliases: CVE-2017-14058 |
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). |
Affected by 42 other vulnerabilities. |
|
VCID-gm7x-n9ub-aaak
Aliases: CVE-2019-17542 |
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. |
Affected by 3 other vulnerabilities. |
|
VCID-gz39-sv5n-aaab
Aliases: CVE-2016-10191 |
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. |
Affected by 67 other vulnerabilities. |
|
VCID-h238-yys4-aaak
Aliases: CVE-2015-6818 |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. |
Affected by 103 other vulnerabilities. |
|
VCID-h71n-hvh3-aaak
Aliases: CVE-2012-2773 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. |
Affected by 83 other vulnerabilities. |
|
VCID-h7zx-7n98-aaap
Aliases: CVE-2014-8548 |
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. |
Affected by 120 other vulnerabilities. |
|
VCID-hcvr-k8rp-aaag
Aliases: CVE-2019-9721 |
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
Affected by 23 other vulnerabilities. |
|
VCID-j9je-s5ab-aaah
Aliases: CVE-2019-13312 |
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. |
Affected by 0 other vulnerabilities. |
|
VCID-jkhj-2usb-aaaf
Aliases: CVE-2019-12730 |
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. |
Affected by 6 other vulnerabilities. |
|
VCID-k7pc-r371-aaas
Aliases: CVE-2018-10001 |
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. |
Affected by 25 other vulnerabilities. |
|
VCID-kf4q-f83v-aaad
Aliases: CVE-2016-7393 |
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
Affected by 93 other vulnerabilities. |
|
VCID-kfuh-tb3c-aaar
Aliases: CVE-2018-7751 |
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. |
Affected by 21 other vulnerabilities. |
|
VCID-m83j-rv88-aaag
Aliases: CVE-2016-7122 |
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. |
Affected by 72 other vulnerabilities. |
|
VCID-m98q-kzrc-aaac
Aliases: CVE-2017-14056 |
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. |
Affected by 42 other vulnerabilities. |
|
VCID-mbzc-hcxh-aaac
Aliases: CVE-2015-8365 |
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. |
Affected by 103 other vulnerabilities. |
|
VCID-mmb7-pkvg-aaas
Aliases: CVE-2017-11399 |
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. |
Affected by 35 other vulnerabilities. |
|
VCID-mp12-nmvu-aaad
Aliases: CVE-2017-16840 |
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. |
Affected by 33 other vulnerabilities. |
|
VCID-n53j-kbj9-aaaf
Aliases: CVE-2018-12458 |
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 25 other vulnerabilities. |
|
VCID-na1d-ghrh-aaar
Aliases: CVE-2015-6825 |
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. |
Affected by 103 other vulnerabilities. |
|
VCID-nc25-w5ga-aaah
Aliases: CVE-2017-14059 |
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-npzp-bxuk-aaaj
Aliases: CVE-2017-7859 |
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. |
Affected by 54 other vulnerabilities. |
|
VCID-nyj3-axt4-aaae
Aliases: CVE-2014-8541 |
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. |
Affected by 120 other vulnerabilities. |
|
VCID-p14s-ajvn-aaaq
Aliases: CVE-2012-6618 |
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." |
Affected by 22 other vulnerabilities. |
|
VCID-p5az-wb4u-aaah
Aliases: CVE-2016-7905 |
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |
Affected by 72 other vulnerabilities. |
|
VCID-pdga-yrz9-aaar
Aliases: CVE-2020-13904 |
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. |
Affected by 0 other vulnerabilities. |
|
VCID-phkk-1d4g-aaaa
Aliases: CVE-2017-11719 |
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. |
Affected by 35 other vulnerabilities. |
|
VCID-px3s-9gbb-aaaq
Aliases: CVE-2018-13301 |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 13 other vulnerabilities. |
|
VCID-py3m-gyc5-aaab
Aliases: CVE-2016-1898 |
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. |
Affected by 94 other vulnerabilities. |
|
VCID-q6tj-6jpa-aaae
Aliases: CVE-2016-6920 |
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. |
Affected by 72 other vulnerabilities. |
|
VCID-qak4-m8wy-aaag
Aliases: CVE-2018-7557 |
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. |
Affected by 25 other vulnerabilities. |
|
VCID-qhrc-t8ky-aaan
Aliases: CVE-2015-8662 |
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
Affected by 102 other vulnerabilities. |
|
VCID-rk7z-d7gh-aaad
Aliases: CVE-2016-2213 |
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. |
Affected by 94 other vulnerabilities. |
|
VCID-rvnw-86za-aaag
Aliases: CVE-2016-6881 |
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. |
Affected by 72 other vulnerabilities. |
|
VCID-sa36-epvb-aaam
Aliases: CVE-2017-14054 |
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-sdc4-htrd-aaac
Aliases: CVE-2018-1999014 |
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. |
Affected by 8 other vulnerabilities. |
|
VCID-shay-9ke5-aaar
Aliases: CVE-2018-1999010 |
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. |
Affected by 16 other vulnerabilities. |
|
VCID-sueb-tnh7-aaae
Aliases: CVE-2017-1000460 |
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. |
Affected by 55 other vulnerabilities. |
|
VCID-sxdk-76zw-aaae
Aliases: CVE-2018-13300 |
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. |
Affected by 14 other vulnerabilities. |
|
VCID-sxrg-7r31-aaaf
Aliases: CVE-2015-6821 |
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. |
Affected by 103 other vulnerabilities. |
|
VCID-syuw-8e9k-aaab
Aliases: CVE-2018-13305 |
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. |
Affected by 8 other vulnerabilities. |
|
VCID-trtj-axhb-aaak
Aliases: CVE-2017-14171 |
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-tusb-x1tq-aaam
Aliases: CVE-2016-8595 |
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
Affected by 70 other vulnerabilities. |
|
VCID-u27y-k5py-aaar
Aliases: CVE-2018-13304 |
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. |
Affected by 16 other vulnerabilities. |
|
VCID-umr3-nguf-aaak
Aliases: CVE-2017-7863 |
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. |
Affected by 62 other vulnerabilities. |
|
VCID-un45-kbhh-aaak
Aliases: CVE-2015-8364 |
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. |
Affected by 103 other vulnerabilities. |
|
VCID-urpq-5tst-aaae
Aliases: CVE-2019-11338 |
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. |
Affected by 7 other vulnerabilities. |
|
VCID-uw9m-efdf-aaan
Aliases: CVE-2018-9841 |
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. |
Affected by 25 other vulnerabilities. |
|
VCID-uy5s-m45w-aaah
Aliases: CVE-2017-14055 |
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-v3hs-ad4z-aaaf
Aliases: CVE-2015-6819 |
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
Affected by 103 other vulnerabilities. |
|
VCID-vky4-48ed-aaan
Aliases: CVE-2015-5479 |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. |
Affected by 103 other vulnerabilities. |
|
VCID-vmn5-9pwf-aaar
Aliases: CVE-2019-17539 |
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. |
Affected by 3 other vulnerabilities. |
|
VCID-vr1w-btuh-aaae
Aliases: CVE-2016-7450 |
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. |
Affected by 72 other vulnerabilities. |
|
VCID-w9hb-45g2-aaak
Aliases: CVE-2016-2327 |
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. |
Affected by 94 other vulnerabilities. |
|
VCID-wchu-fpse-aaas
Aliases: CVE-2012-2781 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. |
Affected by 83 other vulnerabilities. |
|
VCID-wdwe-3jym-aaar
Aliases: CVE-2018-13302 |
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. |
Affected by 14 other vulnerabilities. |
|
VCID-x36b-m4rd-aaac
Aliases: CVE-2017-15186 |
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. |
Affected by 35 other vulnerabilities. |
|
VCID-x4bs-kgns-aaad
Aliases: CVE-2014-8546 |
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. |
Affected by 120 other vulnerabilities. |
|
VCID-xabt-8jr6-aaag
Aliases: CVE-2017-14225 |
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) |
Affected by 42 other vulnerabilities. |
|
VCID-xc2v-aq1j-aaad
Aliases: CVE-2015-8217 |
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. |
Affected by 103 other vulnerabilities. |
|
VCID-xswm-qbhf-aaam
Aliases: CVE-2016-6164 |
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. |
Affected by 92 other vulnerabilities. |
|
VCID-y4v2-6csv-aaad
Aliases: CVE-2016-2328 |
libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. |
Affected by 94 other vulnerabilities. |
|
VCID-y65y-v8v8-aaan
Aliases: CVE-2016-2329 |
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. |
Affected by 94 other vulnerabilities. |
|
VCID-yheh-pp5h-aaam
Aliases: CVE-2016-6671 |
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. |
Affected by 72 other vulnerabilities. |
|
VCID-zggf-4qxd-aaaj
Aliases: CVE-2015-8219 |
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
Affected by 103 other vulnerabilities. |
|
VCID-zye3-r32m-aaah
Aliases: CVE-2017-9991 |
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 56 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|