Search CVE reports
1 – 10 of 343 results
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling...
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libav | Not in release | Not in release | — | — |
Some fixes available 6 of 8
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Ignored | Ignored | Ignored | Ignored |
Some fixes available 5 of 7
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G",...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
Some fixes available 3 of 5
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Fixed | Fixed | Not affected | Not affected |
Some fixes available 3 of 5
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Fixed | Fixed | Not affected | Not affected |
When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Not affected | Not affected | Not affected | Not affected |
Some fixes available 4 of 6
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libav | Not in release | Not in release | — | — |
| ffmpeg | Fixed | Fixed | Fixed | Not affected |
Some fixes available 4 of 8
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could...
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ffmpeg | Fixed | Fixed | Fixed | Fixed |
| libav | Not in release | Not in release | — | — |