rpm package
suse/ffmpeg&distro=SUSE Package Hub 12 SP1
pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP1
Vulnerabilities (6)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10190 | Critical | 9.8 | | < 3.1.6-5.1 | 3.1.6-5.1 | Feb 9, 2017 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
| CVE-2016-7905 | Medium | 5.5 | | < 2.8.8-6.1 | 2.8.8-6.1 | Dec 23, 2016 | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |
| CVE-2016-7785 | Medium | 5.5 | | < 2.8.8-6.1 | 2.8.8-6.1 | Dec 23, 2016 | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
| CVE-2016-7562 | Medium | 5.5 | | < 2.8.8-6.1 | 2.8.8-6.1 | Dec 23, 2016 | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. |
| CVE-2016-7555 | Medium | 5.5 | | < 2.8.8-6.1 | 2.8.8-6.1 | Dec 23, 2016 | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
| CVE-2016-7502 | High | 7.8 | | < 2.8.8-6.1 | 2.8.8-6.1 | Dec 23, 2016 | The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. |