Bugs fixes in "ffmpeg"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2019-12730 | aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of u | 2020-07-22 |
| CVE | CVE-2020-13904 | FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late | 2020-07-22 |
| CVE | CVE-2020-12284 | cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missin | 2020-07-22 |
| CVE | CVE-2019-13312 | block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | 2020-07-22 |
| CVE | CVE-2018-15822 | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failu | 2019-05-06 |
| CVE | CVE-2019-9721 | A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle | 2019-05-06 |
| CVE | CVE-2019-9718 | In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_ht | 2019-05-06 |
| Launchpad | 1823786 | [SRU] ffmpeg 3.4.6 for bionic | 2019-05-06 |
| CVE | CVE-2018-15822 | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failu | 2019-05-06 |
| CVE | CVE-2019-9721 | A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle | 2019-05-06 |
| CVE | CVE-2019-9718 | In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_ht | 2019-05-06 |
| Launchpad | 1823786 | [SRU] ffmpeg 3.4.6 for bionic | 2019-05-06 |
| CVE | CVE-2018-14395 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a | 2018-08-23 |
| CVE | CVE-2018-14394 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a | 2018-08-23 |
| CVE | CVE-2018-13302 | In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_ea | 2018-08-23 |
| CVE | CVE-2018-13300 | In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/mov | 2018-08-23 |
| CVE | CVE-2018-12458 | An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while | 2018-08-23 |
| CVE | CVE-2018-10001 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) | 2018-08-23 |
| CVE | CVE-2018-7751 | The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a cr | 2018-08-23 |
| CVE | CVE-2018-7557 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) | 2018-08-23 |
About
-
Send Feedback to @ubuntu_updates
