Filtered by vendor Ffmpeg
Subscribe
Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2774 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 5.0 MEDIUM | N/A |
| The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state." | |||||
| CVE-2012-0856 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 2.6 LOW | N/A |
| Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. | |||||
| CVE-2013-2277 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 7.5 HIGH | N/A |
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. | |||||
| CVE-2013-7015 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data. | |||||
| CVE-2013-7023 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | |||||
| CVE-2013-0878 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 9.3 HIGH | N/A |
| The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access. | |||||
| CVE-2013-7018 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2011-4353 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2023-12-10 | 4.3 MEDIUM | N/A |
| The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. | |||||
| CVE-2013-3670 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | N/A |
| The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release. | |||||
| CVE-2013-7008 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. | |||||
| CVE-2013-0845 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 9.3 HIGH | N/A |
| libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. | |||||
| CVE-2011-3946 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. | |||||
| CVE-2012-0859 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. | |||||
| CVE-2013-0894 | 7 Apple, Canonical, Ffmpeg and 4 more | 7 Macos, Ubuntu Linux, Ffmpeg and 4 more | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. | |||||
| CVE-2011-3944 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 6.8 MEDIUM | N/A |
| The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. | |||||
| CVE-2011-3973 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 5.0 MEDIUM | N/A |
| cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. | |||||
| CVE-2011-1931 | 3 Ffmpeg, Libav, Videolan | 4 Ffmpeg, Libavcodec, Libav and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file. | |||||
| CVE-2010-4705 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 9.3 HIGH | N/A |
| Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. | |||||
| CVE-2009-4640 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | N/A |
| Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. | |||||
| CVE-2011-3504 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 9.3 HIGH | N/A |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | |||||