Libavcodec
by FFmpeg
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14796 | Hig | 0.57 | 8.8 | 0.02 | Sep 28, 2017 | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in… | ||
| CVE-2017-11399 | Hig | 0.51 | 7.8 | 0.02 | Jul 17, 2017 | Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | ||
| CVE-2012-5361 | Hig | 0.51 | 7.8 | 0.03 | Mar 20, 2017 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. | ||
| CVE-2012-2792 | 0.00 | — | 0.03 | Sep 10, 2012 | Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame. | |||
| CVE-2012-0857 | 0.00 | — | 0.02 | Aug 20, 2012 | Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2011-3974 | 0.00 | — | 0.03 | Oct 2, 2011 | Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese… | |||
| CVE-2010-3429 | 0.00 | — | 0.04 | Sep 30, 2010 | flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." | |||
| CVE-2008-4868 | 0.00 | — | 0.02 | Nov 1, 2008 | Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | |||
| CVE-2005-4048 | 0.00 | — | 0.05 | Dec 7, 2005 | Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG… |
- risk 0.57cvss 8.8epss 0.02
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in…
- risk 0.51cvss 7.8epss 0.02
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
- risk 0.51cvss 7.8epss 0.03
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.
- CVE-2012-2792Sep 10, 2012risk 0.00cvss —epss 0.03
Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.
- CVE-2012-0857Aug 20, 2012risk 0.00cvss —epss 0.02
Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.
- CVE-2011-3974Oct 2, 2011risk 0.00cvss —epss 0.03
Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese…
- CVE-2010-3429Sep 30, 2010risk 0.00cvss —epss 0.04
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
- CVE-2008-4868Nov 1, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."
- CVE-2005-4048Dec 7, 2005risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG…