rpm package

suse/ffmpeg&distro=SUSE Package Hub 12 SP2

pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2

Vulnerabilities (13)

  • CVE-2018-6621 | Medium | Feb 5, 2018
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

  • CVE-2018-6392 | Medium | Jan 29, 2018
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

  • CVE-2017-17555 | Medium | Dec 12, 2017
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

  • CVE-2017-17081 | Medium | Nov 30, 2017
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.

  • CVE-2017-16840 | Critical | Nov 21, 2017
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

  • CVE-2017-15672 | High | Nov 6, 2017
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.

  • CVE-2017-15186 | Medium | Oct 24, 2017
    affected < 3.4.2-14.1, fixed 3.4.2-14.1

    Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

  • CVE-2017-5025 | Medium | Feb 17, 2017
    affected < 3.1.8-8.1, fixed 3.1.8-8.1

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2017-5024 | Medium | Feb 17, 2017
    affected < 3.1.8-8.1, fixed 3.1.8-8.1

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2016-10192 | Critical | Feb 9, 2017
    affected < 3.1.8-8.1, fixed 3.1.8-8.1

    Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.

  • CVE-2016-10191 | Critical | Feb 9, 2017
    affected < 3.1.8-8.1, fixed 3.1.8-8.1

    Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

  • CVE-2016-10190 | Critical | Feb 9, 2017
    affected < 3.1.6-5.1, fixed 3.1.6-5.1

    Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

  • CVE-2016-9561 | Medium | Dec 23, 2016
    affected < 3.1.8-8.1, fixed 3.1.8-8.1

    The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.