Libav

libav

Vendor: Libav • 108 CVEs

CVEs (108)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-8586 1Libav 1Libav Apr 29, 2026 Aug 5, 2025 1.9 LOW· v4 3.3 LOW· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation lea...Show more A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-8585 1Libav 1Libav Apr 29, 2026 Aug 5, 2025 1.9 LOW· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads t...Show more A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-8584 1Libav 1Libav Apr 29, 2026 Aug 5, 2025 1.9 LOW· v4 3.3 LOW· v3 1.7 LOW· v2 A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation le...Show more A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2020-18778 1Libav 1Libav Nov 21, 2024 Aug 23, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.
CVE-2020-18776 1Libav 1Libav Nov 21, 2024 Aug 23, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.
CVE-2020-18775 1Libav 1Libav Nov 21, 2024 Aug 23, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.
CVE-2014-4609 1Libav 1Libav Nov 21, 2024 Jan 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.
CVE-2019-9720 1Libav 1Libav Nov 21, 2024 Sep 19, 2019 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-9719 1Libav 1Libav Nov 21, 2024 Sep 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Thi...Show more A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is providedShow less
CVE-2019-9717 1Libav 1Libav Nov 21, 2024 Sep 19, 2019 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
CVE-2019-14443 2Debian Libav 2Debian Linux Libav Nov 21, 2024 Jul 30, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
CVE-2019-14442 2Debian Libav 2Debian Linux Libav Nov 21, 2024 Jul 30, 2019 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of servic...Show more In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.Show less
CVE-2019-14441 1Libav 1Libav Nov 21, 2024 Jul 30, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpeg...Show more An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129Show less
CVE-2019-14372 1Libav 1Libav Nov 21, 2024 Jul 28, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
CVE-2019-14371 1Libav 1Libav Nov 21, 2024 Jul 28, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag.
CVE-2017-5984 1Libav 1Libav Nov 21, 2024 May 22, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.
CVE-2018-20001 1Libav 1Libav Nov 21, 2024 Dec 10, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
CVE-2018-19130 1Libav 1Libav Nov 21, 2024 Nov 9, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127
CVE-2018-19129 1Libav 1Libav Nov 21, 2024 Nov 9, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.
CVE-2018-19128 1Libav 1Libav Nov 21, 2024 Nov 9, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.

12 3 4 5 6 Next