ALT-PU-2018-1929-1
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-10001
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
Modified: 2024-11-21
CVE-2018-1999010
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.
- 104896
- 104896
- https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e8
- https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e8
- [debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update
- [debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update
Modified: 2024-11-21
CVE-2018-6392
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
- 102848
- 102848
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
- [debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update
- [debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update
- DSA-4249
- DSA-4249
Modified: 2024-11-21
CVE-2018-6912
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
Modified: 2024-11-21
CVE-2018-7557
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
- https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae
- https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae
- [debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update
- [debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update
- GLSA-202003-65
- GLSA-202003-65
- DSA-4249
- DSA-4249
Modified: 2024-11-21
CVE-2018-7751
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
Modified: 2024-11-21
CVE-2018-9841
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.