Download
| Alert*
CVE-2014-8547
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. CVE-2014-8546 Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. CVE-2014-8549 libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. CVE-2014-8548 Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. CVE-2014-8543 libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. CVE-2014-8542 libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. CVE-2014-8545 libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. CVE-2014-8544 libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. CVE-2014-8541 libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via c ... CVE-2013-0858 The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. CVE-2013-0860 The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. CVE-2013-0861 The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. CVE-2013-0862 Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access. CVE-2013-0863 Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data. CVE-2013-0865 The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. CVE-2013-0866 The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access. CVE-2013-0844 Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access. CVE-2013-0845 libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. CVE-2012-6615 The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. CVE-2012-6618 The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." CVE-2012-6616 The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. CVE-2012-6617 The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. CVE-2017-9608 The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. CVE-2017-9993 FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. CVE-2017-9994 libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecifie ... CVE-2017-9992 Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact vi ... CVE-2018-14395 libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. CVE-2018-14394 libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. CVE-2018-1999010 FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fix ... CVE-2015-1208 Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. CVE-2019-12730 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. |