Download
| Alert*
oval:org.secpod.oval:def:1901925
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in aft ... oval:org.secpod.oval:def:603253 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:1901467 The ff_h2645_extract_rbsp function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:1800188 ffmpeg is installed oval:org.secpod.oval:def:1800893 3.2.9 Fixes following vulnerabilities: CVE-2017-15186, Patch: 3.2.8 Fixes following vulnerabilities: CVE-2017-14054,CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225,CVE-2017- ... oval:org.secpod.oval:def:1800724 3.2.9 Fixes following vulnerabilities: CVE-2017-15186, Patch: 3.2.8 Fixes following vulnerabilities: CVE-2017-14054,CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225,CVE-2017- ... oval:org.secpod.oval:def:600833 It was discovered that ffmpeg, Debian"s version of the libav media codec suite, contains vulnerabilities in the DPCM codecs , H.264 , ADPCM , and the KMVC decoder . In addition, this update contains bug fixes from the libav 0.5.9 upstream release. oval:org.secpod.oval:def:600699 Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of arbitrary code. oval:org.secpod.oval:def:600970 Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Shorten, Chines AVS video, VP5, VP6, AVI, AVS and MPEG-1/2 files could lead to the execution of arbitrary code. Most of these issues were discover ... oval:org.secpod.oval:def:601381 ffmpeg is installed oval:org.secpod.oval:def:1901956 The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted MPEG-4 video data. oval:org.secpod.oval:def:54575 ffmpeg: Tools for transcoding, streaming and playing of multimedia files FFmpeg could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:55016 ffmpeg: Tools for transcoding, streaming and playing of multimedia files FFmpeg could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:55304 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:55049 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:603457 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:53373 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:1901291 FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vu ... oval:org.secpod.oval:def:80396 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:1901949 In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. oval:org.secpod.oval:def:603927 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:600804 Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code. These is ... oval:org.secpod.oval:def:600640 Multiple vulnerabilities were found in the ffmpeg, a multimedia player, server and encoder: CVE-2011-3362 An integer signedness error in decode_residual_block function of the Chinese AVS video decoder in libavcodec can lead to denial of service or possible code execution via a crafted CAVS file. C ... oval:org.secpod.oval:def:600616 Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3908 FFmpeg before 0.5.4, allows remote attackers to cause a denial of service or possibly execute arbitrary ... oval:org.secpod.oval:def:1801150 CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service via a crafted XML file. Fixed In Version:¶ ffmpeg 3.4.3 oval:org.secpod.oval:def:1801151 CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service via an AVI file with crafted dimensions within chroma subsampling data. oval:org.secpod.oval:def:53382 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:603471 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:1800187 CVE-2017-5024 A heap overflow flaw was found in FFmpeg Fixed in 3.0.7 CVE-2017-5025 A heap overflow flaw was found in FFmpeg Fixed in 3.0.7 3.0.5 Fixes following vulnerabilities: CVE-2016-10190, CVE-2016-10191, CVE-2016-10192, 3.0.4 Fixes following vulnerabilities: CVE-2016-5199, CVE-2016-7450, CV ... oval:org.secpod.oval:def:603187 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:53125 Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafte ... oval:org.secpod.oval:def:1800658 3.2.9 Fixes following vulnerabilities: CVE-2017-15186, Patch: 3.2.8 Fixes following vulnerabilities: CVE-2017-14054,CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225,CVE-2017- ... oval:org.secpod.oval:def:603129 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed. oval:org.secpod.oval:def:603081 Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafte ... oval:org.secpod.oval:def:53196 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:53153 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed. oval:org.secpod.oval:def:95057 ffmpeg: Tools for transcoding, streaming and playing of multimedia files Several security issues were fixed in FFmpeg. oval:org.secpod.oval:def:2004960 In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. oval:org.secpod.oval:def:1901945 A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. oval:org.secpod.oval:def:1900916 The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:1901243 FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fix ... oval:org.secpod.oval:def:1901069 FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially c ... oval:org.secpod.oval:def:1901621 FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provide ... oval:org.secpod.oval:def:1902054 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables. oval:org.secpod.oval:def:69742 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:1901457 The flv_write_packet function in libav-toolsformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure. oval:org.secpod.oval:def:1901943 libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted HEVC data. oval:org.secpod.oval:def:1800409 CVE-2017-5024 A heap overflow flaw was found in FFmpeg. Fixed in 3.2.4, 3.1.7 CVE-2017-5025 A heap overflow flaw was found in FFmpeg. Fixed in 3.2.4, 3.1.7 oval:org.secpod.oval:def:1800449 CVE-2017-5024 A heap overflow flaw was found in FFmpeg CVE-2017-5025 A heap overflow flaw was found in FFmpeg oval:org.secpod.oval:def:604917 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:95065 ffmpeg: Tools for transcoding, streaming and playing of multimedia files Several security issues were fixed in FFmpeg. oval:org.secpod.oval:def:93328 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. oval:org.secpod.oval:def:88316 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. |