VYPR

Vendor CVEs

FFmpeg

All CVEs

510 total · sorted by risk
  • CVE-2012-6617Dec 24, 2013
    risk 0.00cvss epss 0.02

    The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

  • CVE-2012-6616Dec 24, 2013
    risk 0.00cvss epss 0.02

    The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.

  • CVE-2012-6615Dec 24, 2013
    risk 0.00cvss epss 0.02

    The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.

  • CVE-2013-4358Dec 24, 2013
    risk 0.00cvss epss 0.01

    libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.

  • CVE-2013-7024Dec 9, 2013
    risk 0.00cvss epss 0.02

    The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact…

  • CVE-2013-7023Dec 9, 2013
    risk 0.00cvss epss 0.02

    The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

  • CVE-2013-7022Dec 9, 2013
    risk 0.00cvss epss 0.02

    The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

  • CVE-2013-7021Dec 9, 2013
    risk 0.00cvss epss 0.02

    The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.

  • CVE-2013-7020Dec 9, 2013
    risk 0.00cvss epss 0.02

    The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via…

  • CVE-2013-7019Dec 9, 2013
    risk 0.00cvss epss 0.02

    The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

  • CVE-2013-7018Dec 9, 2013
    risk 0.00cvss epss 0.02

    libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

  • CVE-2013-7017Dec 9, 2013
    risk 0.00cvss epss 0.02

    libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

  • CVE-2013-7016Dec 9, 2013
    risk 0.00cvss epss 0.02

    The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

  • CVE-2013-7015Dec 9, 2013
    risk 0.00cvss epss 0.03

    The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash…

  • CVE-2013-7014Dec 9, 2013
    risk 0.00cvss epss 0.02

    Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

  • CVE-2013-7013Dec 9, 2013
    risk 0.00cvss epss 0.02

    The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar…

  • CVE-2013-7012Dec 9, 2013
    risk 0.00cvss epss 0.02

    The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000…

  • CVE-2013-7011Dec 9, 2013
    risk 0.00cvss epss 0.02

    The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

  • CVE-2013-7010Dec 9, 2013
    risk 0.00cvss epss 0.03

    Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

  • CVE-2013-7009Dec 9, 2013
    risk 0.00cvss epss 0.02

    The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA…

  • CVE-2013-7008Dec 9, 2013
    risk 0.00cvss epss 0.02

    The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

  • CVE-2011-4351Dec 9, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2011-3950Dec 9, 2013
    risk 0.00cvss epss 0.02

    The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.

  • CVE-2011-3949Dec 9, 2013
    risk 0.00cvss epss 0.02

    The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.

  • CVE-2011-3946Dec 9, 2013
    risk 0.00cvss epss 0.06

    The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.

  • CVE-2011-3944Dec 9, 2013
    risk 0.00cvss epss 0.02

    The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.

  • CVE-2011-3941Dec 9, 2013
    risk 0.00cvss epss 0.02

    The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.

  • CVE-2011-3935Dec 9, 2013
    risk 0.00cvss epss 0.02

    The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.

  • CVE-2011-3934Dec 9, 2013
    risk 0.00cvss epss 0.02

    Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.

  • CVE-2013-0859Dec 7, 2013
    risk 0.00cvss epss 0.02

    The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.

  • CVE-2013-0858Dec 7, 2013
    risk 0.00cvss epss 0.03

    The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

  • CVE-2013-0857Dec 7, 2013
    risk 0.00cvss epss 0.04

    The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.

  • CVE-2013-0856Dec 7, 2013
    risk 0.00cvss epss 0.02

    The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.

  • CVE-2013-0855Dec 7, 2013
    risk 0.00cvss epss 0.03

    Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.

  • CVE-2013-0854Dec 7, 2013
    risk 0.00cvss epss 0.03

    The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.

  • CVE-2013-0853Dec 7, 2013
    risk 0.00cvss epss 0.02

    The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.

  • CVE-2013-0852Dec 7, 2013
    risk 0.00cvss epss 0.02

    The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.

  • CVE-2013-0851Dec 7, 2013
    risk 0.00cvss epss 0.02

    The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.

  • CVE-2013-0850Dec 7, 2013
    risk 0.00cvss epss 0.02

    The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.

  • CVE-2013-0849Dec 7, 2013
    risk 0.00cvss epss 0.03

    The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.

  • CVE-2013-0848Dec 7, 2013
    risk 0.00cvss epss 0.02

    The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.

  • CVE-2013-0847Dec 7, 2013
    risk 0.00cvss epss 0.02

    The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.

  • CVE-2013-0846Dec 7, 2013
    risk 0.00cvss epss 0.03

    Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.

  • CVE-2013-0845Dec 7, 2013
    risk 0.00cvss epss 0.04

    libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.

  • CVE-2013-0844Dec 7, 2013
    risk 0.00cvss epss 0.02

    Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.

  • CVE-2013-0869Nov 23, 2013
    risk 0.00cvss epss 0.02

    The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.

  • CVE-2013-0868Nov 23, 2013
    risk 0.00cvss epss 0.04

    libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."

  • CVE-2013-0867Nov 23, 2013
    risk 0.00cvss epss 0.02

    The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.

  • CVE-2013-0866Nov 23, 2013
    risk 0.00cvss epss 0.04

    The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.

  • CVE-2013-0865Nov 23, 2013
    risk 0.00cvss epss 0.02

    The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.

Page 8 of 11