VYPR

Vendor CVEs

FFmpeg

All CVEs

510 total · sorted by risk
  • CVE-2013-0864Nov 23, 2013
    risk 0.00cvss epss 0.03

    The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.

  • CVE-2013-0863Nov 23, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.

  • CVE-2013-0862Nov 23, 2013
    risk 0.00cvss epss 0.02

    Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.

  • CVE-2013-0861Nov 23, 2013
    risk 0.00cvss epss 0.02

    The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.

  • CVE-2013-0860Nov 23, 2013
    risk 0.00cvss epss 0.02

    The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.

  • CVE-2013-4265Nov 23, 2013
    risk 0.00cvss epss 0.03

    The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

  • CVE-2013-4264Nov 23, 2013
    risk 0.00cvss epss 0.02

    The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.

  • CVE-2013-4263Nov 23, 2013
    risk 0.00cvss epss 0.01

    libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.

  • CVE-2013-0878Nov 23, 2013
    risk 0.00cvss epss 0.02

    The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.

  • CVE-2013-0877Nov 23, 2013
    risk 0.00cvss epss 0.02

    The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.

  • CVE-2013-0876Nov 23, 2013
    risk 0.00cvss epss 0.02

    Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.

  • CVE-2013-0875Nov 23, 2013
    risk 0.00cvss epss 0.04

    The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.

  • CVE-2013-0874Nov 23, 2013
    risk 0.00cvss epss 0.02

    The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.

  • CVE-2013-0873Nov 23, 2013
    risk 0.00cvss epss 0.03

    The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."

  • CVE-2013-0872Nov 23, 2013
    risk 0.00cvss epss 0.03

    The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.

  • CVE-2013-3675Jun 10, 2013
    risk 0.00cvss epss 0.02

    The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush…

  • CVE-2013-3674Jun 10, 2013
    risk 0.00cvss epss 0.02

    The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics…

  • CVE-2013-3673Jun 10, 2013
    risk 0.00cvss epss 0.02

    The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.

  • CVE-2013-3672Jun 10, 2013
    risk 0.00cvss epss 0.01

    The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via…

  • CVE-2013-3671Jun 10, 2013
    risk 0.00cvss epss 0.01

    The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that…

  • CVE-2013-3670Jun 10, 2013
    risk 0.00cvss epss 0.01

    The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the…

  • CVE-2013-2496Mar 9, 2013
    risk 0.00cvss epss 0.01

    The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified…

  • CVE-2013-2495Mar 9, 2013
    risk 0.00cvss epss 0.01

    The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer…

  • CVE-2013-2277Feb 27, 2013
    risk 0.00cvss epss 0.02

    The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash)…

  • CVE-2013-2276Feb 27, 2013
    risk 0.00cvss epss 0.01

    The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or…

  • CVE-2013-0894Feb 23, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote…

  • CVE-2011-3937Jan 5, 2013
    risk 0.00cvss epss 0.02

    The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to…

  • CVE-2012-2882Sep 26, 2012
    risk 0.00cvss epss 0.02

    FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.

  • CVE-2012-2804Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

  • CVE-2012-2803Sep 10, 2012
    risk 0.00cvss epss 0.03

    Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.

  • CVE-2012-2802Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

  • CVE-2012-2801Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."

  • CVE-2012-2800Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers…

  • CVE-2012-2799Sep 10, 2012
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."

  • CVE-2012-2798Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

  • CVE-2012-2797Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

  • CVE-2012-2796Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

  • CVE-2012-2795Sep 10, 2012
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."

  • CVE-2012-2794Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."

  • CVE-2012-2793Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."

  • CVE-2012-2792Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.

  • CVE-2012-2791Sep 10, 2012
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related…

  • CVE-2012-2790Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."

  • CVE-2012-2789Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).

  • CVE-2012-2788Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."

  • CVE-2012-2787Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."

  • CVE-2012-2786Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

  • CVE-2012-2785Sep 10, 2012
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.

  • CVE-2012-2784Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than…

  • CVE-2012-2783Sep 10, 2012
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."