Libav

Libav

108 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-8586

Exploit
  • EPSS 0.03%
  • Veröffentlicht 05.08.2025 17:32:05
  • Zuletzt bearbeitet 04.09.2025 15:36:15

A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference...

5.3

CVE-2025-8585

Exploit
  • EPSS 0.03%
  • Veröffentlicht 05.08.2025 17:02:06
  • Zuletzt bearbeitet 04.09.2025 15:36:05

A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking local...

4.8

CVE-2025-8584

Exploit
  • EPSS 0.03%
  • Veröffentlicht 05.08.2025 16:32:06
  • Zuletzt bearbeitet 04.09.2025 15:35:26

A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereferenc...

6.5

CVE-2020-18775

Exploit
  • EPSS 0.29%
  • Veröffentlicht 23.08.2021 22:15:28
  • Zuletzt bearbeitet 21.11.2024 05:08:48

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

6.5

CVE-2020-18776

Exploit
  • EPSS 0.24%
  • Veröffentlicht 23.08.2021 22:15:28
  • Zuletzt bearbeitet 21.11.2024 05:08:49

In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

6.5

CVE-2020-18778

Exploit
  • EPSS 0.48%
  • Veröffentlicht 23.08.2021 22:15:28
  • Zuletzt bearbeitet 21.11.2024 05:08:49

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

8.8

CVE-2014-4609

Exploit
  • EPSS 2.15%
  • Veröffentlicht 14.01.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 02:10:33

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

7.1

CVE-2019-9717

Exploit
  • EPSS 0.26%
  • Veröffentlicht 19.09.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:52:09

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

8.8

CVE-2019-9719

Exploit
  • EPSS 0.52%
  • Veröffentlicht 19.09.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:52:10

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this i...

7.1

CVE-2019-9720

Exploit
  • EPSS 0.3%
  • Veröffentlicht 19.09.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:52:10

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.