rpm package

suse/ffmpeg2&distro=SUSE Package Hub 12 SP1

pkg:rpm/suse/ffmpeg2&distro=SUSE%20Package%20Hub%2012%20SP1

Vulnerabilities (6)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-7866	Cri	9.8	< 2.8.11-12.1	2.8.11-12.1	Apr 14, 2017	FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
CVE-2017-7865	Cri	9.8	< 2.8.11-12.1	2.8.11-12.1	Apr 14, 2017	FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
CVE-2017-7863	Cri	9.8	< 2.8.11-12.1	2.8.11-12.1	Apr 14, 2017	FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
CVE-2016-10192	Cri	9.8	< 2.8.11-12.1	2.8.11-12.1	Feb 9, 2017	Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
CVE-2016-10191	Cri	9.8	< 2.8.11-12.1	2.8.11-12.1	Feb 9, 2017	Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
CVE-2016-9561	Med	5.5	< 2.8.11-12.1	2.8.11-12.1	Dec 23, 2016	The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

CVE-2017-7866CriApr 14, 2017
affected < 2.8.11-12.1fixed 2.8.11-12.1
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
CVE-2017-7865CriApr 14, 2017
affected < 2.8.11-12.1fixed 2.8.11-12.1
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
CVE-2017-7863CriApr 14, 2017
affected < 2.8.11-12.1fixed 2.8.11-12.1
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
CVE-2016-10192CriFeb 9, 2017
affected < 2.8.11-12.1fixed 2.8.11-12.1
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
CVE-2016-10191CriFeb 9, 2017
affected < 2.8.11-12.1fixed 2.8.11-12.1
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
CVE-2016-9561MedDec 23, 2016
affected < 2.8.11-12.1fixed 2.8.11-12.1
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.