Libav
by Libav
Source repositories
CVEs (110)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17127 | Med | 0.42 | 6.5 | 0.02 | Dec 4, 2017 | The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | ||
| CVE-2015-5479 | Med | 0.42 | 6.5 | 0.02 | Apr 19, 2016 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | ||
| CVE-2016-9826 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2016-9825 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2016-9824 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2016-9823 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2016-9822 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2016-9821 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2016-9820 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2016-9819 | Med | 0.36 | 5.5 | 0.01 | Mar 1, 2017 | libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | ||
| CVE-2016-8676 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675. | ||
| CVE-2016-8675 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection. | ||
| CVE-2016-7499 | Med | 0.36 | 5.5 | 0.01 | Feb 15, 2017 | The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | ||
| CVE-2016-7477 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference. | ||
| CVE-2016-7393 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||
| CVE-2016-6832 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. | ||
| CVE-2016-7424 | Med | 0.36 | 5.5 | 0.02 | Oct 7, 2016 | The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. | ||
| CVE-2025-8585 | Med | 0.34 | 5.3 | 0.00 | Aug 5, 2025 | A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The… | ||
| CVE-2025-8586 | Low | 0.21 | 3.3 | 0.00 | Aug 5, 2025 | A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch… | ||
| CVE-2025-8584 | Low | 0.21 | 3.3 | 0.00 | Aug 5, 2025 | A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required… |
- risk 0.42cvss 6.5epss 0.02
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
- risk 0.36cvss 5.5epss 0.01
libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.01
libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.01
libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
- risk 0.36cvss 5.5epss 0.02
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.
- risk 0.36cvss 5.5epss 0.02
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
- risk 0.36cvss 5.5epss 0.01
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
- risk 0.36cvss 5.5epss 0.02
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.
- risk 0.36cvss 5.5epss 0.02
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.
- risk 0.36cvss 5.5epss 0.02
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
- risk 0.34cvss 5.3epss 0.00
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The…
- risk 0.21cvss 3.3epss 0.00
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch…
- risk 0.21cvss 3.3epss 0.00
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required…
Page 2 of 6