rpm package
opensuse/libav-tools&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libav-tools&distro=openSUSE%20Tumbleweed
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3062 | Hig | 8.8 | < 12.3-1.17 | 12.3-1.17 | Jun 16, 2016 | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | |
| CVE-2015-5479 | Med | 6.5 | < 12.3-1.17 | 12.3-1.17 | Apr 19, 2016 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | |
| CVE-2015-3395 | — | < 12.3-1.17 | 12.3-1.17 | Jun 16, 2015 | The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a | ||
| CVE-2015-3417 | — | < 12.3-1.17 | 12.3-1.17 | Apr 24, 2015 | Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO elem | ||
| CVE-2014-9604 | — | < 12.3-1.17 | 12.3-1.17 | Jan 16, 2015 | libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restor | ||
| CVE-2014-8544 | — | < 12.3-1.17 | 12.3-1.17 | Nov 5, 2014 | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. | ||
| CVE-2012-6618 | — | < 12.3-1.17 | 12.3-1.17 | Dec 24, 2013 | The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to esti | ||
| CVE-2013-7010 | — | < 12.3-1.17 | 12.3-1.17 | Dec 9, 2013 | Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | ||
| CVE-2011-3946 | — | < 12.3-1.17 | 12.3-1.17 | Dec 9, 2013 | The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. | ||
| CVE-2013-0852 | — | < 12.3-1.17 | 12.3-1.17 | Dec 7, 2013 | The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. | ||
| CVE-2013-0851 | — | < 12.3-1.17 | 12.3-1.17 | Dec 7, 2013 | The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. | ||
| CVE-2013-0868 | — | < 12.3-1.17 | 12.3-1.17 | Nov 23, 2013 | libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases." |
- affected < 12.3-1.17fixed 12.3-1.17
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
- affected < 12.3-1.17fixed 12.3-1.17
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
- CVE-2015-3395Jun 16, 2015affected < 12.3-1.17fixed 12.3-1.17
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a
- CVE-2015-3417Apr 24, 2015affected < 12.3-1.17fixed 12.3-1.17
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO elem
- CVE-2014-9604Jan 16, 2015affected < 12.3-1.17fixed 12.3-1.17
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restor
- CVE-2014-8544Nov 5, 2014affected < 12.3-1.17fixed 12.3-1.17
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
- CVE-2012-6618Dec 24, 2013affected < 12.3-1.17fixed 12.3-1.17
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to esti
- CVE-2013-7010Dec 9, 2013affected < 12.3-1.17fixed 12.3-1.17
Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
- CVE-2011-3946Dec 9, 2013affected < 12.3-1.17fixed 12.3-1.17
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.
- CVE-2013-0852Dec 7, 2013affected < 12.3-1.17fixed 12.3-1.17
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.
- CVE-2013-0851Dec 7, 2013affected < 12.3-1.17fixed 12.3-1.17
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.
- CVE-2013-0868Nov 23, 2013affected < 12.3-1.17fixed 12.3-1.17
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."