VYPR

rpm package

suse/ffmpeg&distro=SUSE Package Hub 12 SP1

pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP1

Vulnerabilities (6)

  • CVE-2016-10190CriFeb 9, 2017
    affected < 3.1.6-5.1fixed 3.1.6-5.1

    Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

  • CVE-2016-7905MedDec 23, 2016
    affected < 2.8.8-6.1fixed 2.8.8-6.1

    The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

  • CVE-2016-7785MedDec 23, 2016
    affected < 2.8.8-6.1fixed 2.8.8-6.1

    The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

  • CVE-2016-7562MedDec 23, 2016
    affected < 2.8.8-6.1fixed 2.8.8-6.1

    The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

  • CVE-2016-7555MedDec 23, 2016
    affected < 2.8.8-6.1fixed 2.8.8-6.1

    The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

  • CVE-2016-7502HigDec 23, 2016
    affected < 2.8.8-6.1fixed 2.8.8-6.1

    The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.