MidnightBSD

Advisories for ffmpeg

CVE-2005-4048 HIGH

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg cvs
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
CVE-2009-0385 HIGH

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 6.0
debian debian_linux 4.0
canonical ubuntu_linux 7.10
fedoraproject fedora 9
canonical ubuntu_linux 8.10
ffmpeg ffmpeg *
fedoraproject fedora 10
debian debian_linux 5.0
CVE-2009-4631 HIGH

Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4632 MEDIUM

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4633 HIGH

vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4634 HIGH

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4635 HIGH

FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4636 MEDIUM

FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4637 HIGH

FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4638 MEDIUM

Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4639 MEDIUM

The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2009-4640 MEDIUM

Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5
CVE-2010-3429 MEDIUM

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
mplayerhq mplayer 0.18
ffmpeg ffmpeg 0.3.4
mplayerhq mplayer 0.92.1
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
mplayerhq mplayer 0.60
mplayerhq mplayer 0.11
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
mplayerhq mplayer 0.05
mplayerhq mplayer 0.06
mplayerhq mplayer 0.09
mplayerhq mplayer *
ffmpeg ffmpeg 0.4.2
mplayerhq mplayer 0.08
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.4.4
ffmpeg libavcodec *
mplayerhq mplayer 0.01
mplayerhq mplayer 0.90
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.3
mplayerhq mplayer 0.07
mplayerhq mplayer 0.02
mplayerhq mplayer 0.17_idegcounter
mplayerhq mplayer 0.92
ffmpeg ffmpeg 0.4.6
mplayerhq mplayer 1.0
mplayerhq mplayer 0.10
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
mplayerhq mplayer 0.50
mplayerhq mplayer 0.17a_idegcounter
ffmpeg ffmpeg *
mplayerhq mplayer 0.91
mplayerhq mplayer 0.93
CVE-2010-3908 MEDIUM

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
mplayerhq mplayer *
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
CVE-2010-4704 MEDIUM

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
CVE-2010-4705 HIGH

Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.6
CVE-2011-0722 MEDIUM

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
mplayerhq mplayer *
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
CVE-2011-0723 MEDIUM

FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.5.4
mplayer mplayer *
ffmpeg ffmpeg 0.5.3
CVE-2011-1931 MEDIUM

sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
videolan vlc_media_player 0.2.91
videolan vlc_media_player 1.0.0
videolan vlc_media_player 0.7.2
ffmpeg ffmpeg 0.4.7
videolan vlc_media_player 0.9.5
videolan vlc_media_player 0.2.72
videolan vlc_media_player 1.0.2
videolan vlc_media_player 0.4.0
videolan vlc_media_player 0.8.1
videolan vlc_media_player 0.3.1
videolan vlc_media_player 0.6.1
videolan vlc_media_player 0.4.6
videolan vlc_media_player 0.2.61
videolan vlc_media_player 0.5.0
videolan vlc_media_player 1.0.4
videolan vlc_media_player 1.0.1
videolan vlc_media_player 0.4.5
videolan vlc_media_player 0.2.73
videolan vlc_media_player 0.5.3
videolan vlc_media_player 1.1.7
ffmpeg ffmpeg 0.5.3
videolan vlc_media_player 0.3.0
videolan vlc_media_player 1.0.3
videolan vlc_media_player 0.2.62
ffmpeg ffmpeg 0.3.4
videolan vlc_media_player 0.8.5
videolan vlc_media_player 0.1.99h
videolan vlc_media_player 1.1.8
libav libav 0.4.8
videolan vlc_media_player 0.4.4
videolan vlc_media_player 1.1.6
libav libav *
videolan vlc_media_player 0.2.71
videolan vlc_media_player 0.8.2
videolan vlc_media_player 1.1.2
ffmpeg ffmpeg 0.4.2
videolan vlc_media_player 0.1.99f
videolan vlc_media_player 0.4.3
ffmpeg ffmpeg 0.6.1
libav libav 0.4.9
videolan vlc_media_player 0.2.60
ffmpeg ffmpeg 0.4.0
libav libav 0.4.6
videolan vlc_media_player 0.1.99i
libav libav 0.4.5
videolan vlc_media_player 1.0.5
videolan vlc_media_player 0.2.70
libav libav 0.4.1
libav libav 0.4.7
videolan vlc_media_player 1.1.4
videolan vlc_media_player 0.8.0
libav libav 0.5.4
videolan vlc_media_player 1.1.4.1
videolan vlc_media_player 0.9.4
videolan vlc_media_player 0.8.6
videolan vlc_media_player 0.5.1
libav libav 0.4.4
ffmpeg ffmpeg 0.5.1
libav libav 0.4.0
videolan vlc_media_player 0.2.63
videolan vlc_media_player 1.1.0
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
videolan vlc_media_player 1.1.1
libav libav 0.3.2
videolan vlc_media_player 0.2.82
videolan vlc_media_player 0.5.2
videolan vlc_media_player 0.6.0
videolan vlc_media_player 0.9.9
videolan vlc_media_player 0.9.10
ffmpeg ffmpeg 0.3
videolan vlc_media_player 1.1.3
ffmpeg ffmpeg 0.4.6
videolan vlc_media_player 0.1.99b
libav libav 0.6.1
videolan vlc_media_player 0.7.0
videolan vlc_media_player 0.9.2
videolan vlc_media_player 0.4.1
videolan vlc_media_player 0.9.8a
videolan vlc_media_player 1.1.5
videolan vlc_media_player 0.8.4
videolan vlc_media_player 0.1.99e
videolan vlc_media_player 1.0.6
libav libav 0.4.2
ffmpeg ffmpeg 0.4.8
libav libav 0.6
videolan vlc_media_player 0.1.99g
videolan vlc_media_player 0.2.81
ffmpeg ffmpeg 0.4.3
videolan vlc_media_player 0.2.92
ffmpeg ffmpeg 0.5.4
libav libav 0.3.1
libav libav 0.4.3
videolan vlc_media_player 0.2.0
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.4.4
videolan vlc_media_player 0.9.6
videolan vlc_media_player 0.9.3
libav libav 0.5
libav libav 0.3
videolan vlc_media_player 0.2.80
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
videolan vlc_media_player 0.2.90
videolan vlc_media_player 0.6.2
videolan vlc_media_player 0.4.2
libav libav 0.3.4
ffmpeg ffmpeg *
videolan vlc_media_player *
videolan vlc_media_player 0.2.83
libav libav 0.3.3
CVE-2011-2160 HIGH

The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
mplayerhq mplayer *
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
CVE-2011-2161 MEDIUM

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2011-2162 HIGH

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mandriva linux 2010.0
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.5.1
mandriva linux 2010.1
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
mandriva linux 2009.0
mandriva enterprise_server 5
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
mplayerhq mplayer 1.0
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5.4
mandriva corporate_server 4.0
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.5.3
CVE-2011-3362 MEDIUM

Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 0.4.4
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.5.1
libav libav 0.4.0
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
libav libav 0.3.2
libav libav 0.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
libav libav 0.6.1
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.3.4
libav libav 0.4.2
ffmpeg ffmpeg 0.4.8
libav libav 0.6
libav libav 0.4.8
ffmpeg ffmpeg 0.4.3
libav libav *
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.3.1
libav libav 0.4.3
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
libav libav 0.6.2
ffmpeg ffmpeg 0.4.4
libav libav 0.4.9
ffmpeg ffmpeg 0.4.0
libav libav 0.4.6
libav libav 0.4.5
libav libav 0.4.1
libav libav 0.5
libav libav 0.4.7
ffmpeg ffmpeg 0.7.1
libav libav 0.3
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.5.4
libav libav 0.3.4
ffmpeg ffmpeg *
libav libav 0.3.3
CVE-2011-3504 HIGH

The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.3.2
CVE-2011-3929 MEDIUM

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-3934 MEDIUM

Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3935 MEDIUM

The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3936 MEDIUM

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
ffmpeg ffmpeg 0.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.2
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
libav libav 0.5.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg 0.8.1
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-3937 HIGH

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
libav libav 0.5.1
libav libav 0.5.6
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
libav libav 0.5.3
ffmpeg ffmpeg 0.4.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
libav libav 0.6.2
libav libav 0.6.4
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
libav libav 0.5
libav libav 0.5.8
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2011-3940 MEDIUM

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-3941 HIGH

The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3944 MEDIUM

The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3945 MEDIUM

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
ffmpeg ffmpeg 0.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.2
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
libav libav 0.5.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg 0.8.1
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-3946 MEDIUM

The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3947 MEDIUM

Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-3949 MEDIUM

The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3950 MEDIUM

The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2011-3951 MEDIUM

The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
ffmpeg ffmpeg 0.9
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2011-3952 MEDIUM

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
libav libav 0.5.1
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
libav libav 0.5.3
ffmpeg ffmpeg 0.4.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
libav libav 0.6.2
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
libav libav 0.5
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2011-3973 MEDIUM

cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
CVE-2011-3974 MEDIUM

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
CVE-2011-4031 MEDIUM

Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2011-4352 MEDIUM

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.5.3
ffmpeg ffmpeg 0.7.4
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
libav libav 0.6.3
libav libav 0.7
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
libav libav 0.6.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.8.2
libav libav 0.5
ffmpeg ffmpeg 0.5.4.6
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-4364 MEDIUM

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
libav libav 0.5.3
ffmpeg ffmpeg 0.7.4
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
libav libav 0.6.3
libav libav 0.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.6.1
libav libav 0.6.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.8.2
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2011-4579 MEDIUM

The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
libav libav 0.5.3
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
libav libav 0.6.3
libav libav 0.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.6.1
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.8.2
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2012-0847 MEDIUM

Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg *
CVE-2012-0848 MEDIUM

Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.9.1
CVE-2012-0849 MEDIUM

Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
CVE-2012-0850 MEDIUM

The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
CVE-2012-0851 MEDIUM

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.8.2
libav libav 0.5.4
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-0852 MEDIUM

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.8.2
libav libav 0.5.4
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-0853 MEDIUM

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
ffmpeg ffmpeg 0.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.2
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
libav libav 0.5.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
ffmpeg ffmpeg 0.8.1
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2012-0854 MEDIUM

The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
CVE-2012-0855 MEDIUM

Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
CVE-2012-0856 LOW

Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
CVE-2012-0858 MEDIUM

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
libav libav 0.6.5
libav libav 0.5.7
libav libav 0.5.3
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.8
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.7
libav libav 0.6.3
libav libav 0.8
libav libav 0.7
libav libav 0.6.2
libav libav 0.6.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
libav libav 0.5
libav libav 0.5.1
ffmpeg ffmpeg 0.7.1
libav libav 0.5.6
ffmpeg ffmpeg 0.8.5
libav libav 0.6.1
ffmpeg ffmpeg 0.7.2
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.7.3
libav libav 0.7.1
ffmpeg ffmpeg 0.7.6
CVE-2012-0859 MEDIUM

The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg *
CVE-2012-2771 HIGH

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2012-2772 HIGH

Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2773 HIGH

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2012-2774 MEDIUM

The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2012-2775 HIGH

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2776 HIGH

Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
CVE-2012-2777 HIGH

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2778 HIGH

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2012-2779 HIGH

Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2780 HIGH

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2012-2781 HIGH

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2012-2782 HIGH

Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2012-2783 HIGH

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
libav libav 0.8.4
CVE-2012-2784 HIGH

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2785 HIGH

Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2012-2786 HIGH

Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2787 HIGH

Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
CVE-2012-2788 HIGH

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2789 HIGH

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2790 HIGH

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2791 HIGH

Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
libav libav 0.8.4
CVE-2012-2792 HIGH

Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2012-2793 HIGH

Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2794 HIGH

Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2795 HIGH

Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2012-2796 HIGH

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
CVE-2012-2797 HIGH

Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.8.4
CVE-2012-2798 HIGH

Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2799 HIGH

Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2012-2800 HIGH

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2801 HIGH

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
CVE-2012-2802 HIGH

Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
CVE-2012-2803 HIGH

Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.7.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
libav libav 0.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
libav libav 0.7.2
libav libav 0.7.5
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
libav libav 0.7.6
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
libav libav 0.7.1
libav libav 0.8.4
CVE-2012-2804 HIGH

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.2
libav libav 0.8.2
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.8.4
CVE-2012-2805 MEDIUM

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
CVE-2012-5361 MEDIUM

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2012-6615 MEDIUM

The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg *
CVE-2012-6616 MEDIUM

The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg *
CVE-2012-6617 MEDIUM

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg *
CVE-2012-6618 LOW

The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg *
CVE-2013-0844 HIGH

Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0845 HIGH

libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0846 HIGH

Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0847 HIGH

The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0848 HIGH

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0849 HIGH

The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0850 HIGH

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0851 HIGH

The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0852 HIGH

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0853 HIGH

The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0854 HIGH

The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0855 HIGH

Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0856 HIGH

The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0857 HIGH

The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0858 HIGH

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
debian debian_linux 7.0
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0859 HIGH

The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0860 MEDIUM

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0861 MEDIUM

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0862 HIGH

Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0863 HIGH

Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0864 HIGH

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0865 HIGH

The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0866 HIGH

The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0867 HIGH

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0868 HIGH

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0869 HIGH

The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0870 HIGH

The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.4
CVE-2013-0872 HIGH

The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0873 HIGH

The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0874 HIGH

The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0875 HIGH

The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0876 HIGH

Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0877 HIGH

The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0878 HIGH

The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-0894 HIGH

Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
google chrome *
opensuse opensuse 12.1
opensuse opensuse 12.2
canonical ubuntu_linux 12.10
ffmpeg ffmpeg *
CVE-2013-2276 HIGH

The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-2277 HIGH

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-2495 HIGH

The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-2496 HIGH

The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2013-3670 MEDIUM

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2013-3671 MEDIUM

The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2013-3672 MEDIUM

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2013-3673 MEDIUM

The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2013-3674 MEDIUM

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2013-3675 MEDIUM

The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2013-4263 HIGH

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-4264 MEDIUM

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-4265 HIGH

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-4358 MEDIUM

libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg *
CVE-2013-7008 MEDIUM

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7009 MEDIUM

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7010 MEDIUM

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7011 MEDIUM

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7012 MEDIUM

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7013 MEDIUM

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7014 MEDIUM

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7015 MEDIUM

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7016 MEDIUM

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7017 MEDIUM

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7018 MEDIUM

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7019 MEDIUM

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7020 MEDIUM

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
debian debian_linux 6.0
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7021 MEDIUM

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7022 MEDIUM

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7023 MEDIUM

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2013-7024 MEDIUM

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2014-125002 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125003 MEDIUM

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125004 MEDIUM

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125005 MEDIUM

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125006 MEDIUM

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125007 MEDIUM

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125008 MEDIUM

A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125009 MEDIUM

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125010 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125011 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-192,CWE-681,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125012 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-192,CWE-681,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125013 MEDIUM

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125014 MEDIUM

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125015 MEDIUM

A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125016 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125017 MEDIUM

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125018 MEDIUM

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125019 MEDIUM

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125020 MEDIUM

A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125021 MEDIUM

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125022 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125023 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125024 MEDIUM

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-125025 MEDIUM

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0
CVE-2014-2097 MEDIUM

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg *
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 2.0.3
CVE-2014-2098 MEDIUM

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg *
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 2.0.3
CVE-2014-2099 MEDIUM

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg *
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 2.0.3
CVE-2014-2263 MEDIUM

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg *
ffmpeg ffmpeg 2.0.3
CVE-2014-4610 MEDIUM

Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2014-5271 HIGH

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
libav libav 0.8.9
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.0.4
libav libav 0.7.4
ffmpeg ffmpeg 1.2.4
libav libav 0.8.6
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.1
libav libav 0.6.3
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
libav libav 0.8.5
ffmpeg ffmpeg 1.1.8
libav libav 0.7
ffmpeg ffmpeg 2.3
libav libav 0.5.1
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 2.0.3
libav libav 0.5.6
ffmpeg ffmpeg 1.1
libav libav 0.6.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
libav libav 0.6.5
libav libav 0.5.7
ffmpeg ffmpeg 1.2.6
libav libav 10.2
ffmpeg ffmpeg 2.0
libav libav 0.5.3
libav libav 0.8.10
libav libav 0.8.12
libav libav 0.6
libav libav 0.5.2
ffmpeg ffmpeg 1.1.5
libav libav *
libav libav 0.8.7
libav libav 0.8.3
libav libav 0.8
ffmpeg ffmpeg 2.1.3
libav libav 10.3
libav libav 0.8.11
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 1.2.3
libav libav 0.8.8
libav libav 0.6.2
libav libav 0.6.4
ffmpeg ffmpeg 1.1.9
libav libav 0.7.2
ffmpeg ffmpeg 2.0.2
libav libav 0.7.5
libav libav 0.5
ffmpeg ffmpeg 2.1.4
libav libav 0.5.8
libav libav 0.7.6
libav libav 10.1
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 2.2
libav libav 0.5.5
libav libav 0.8.2
libav libav 0.5.4
libav libav 0.8.1
ffmpeg ffmpeg *
libav libav 0.7.3
ffmpeg ffmpeg 1.2.1
libav libav 0.7.1
ffmpeg ffmpeg 1.2
libav libav 0.8.4
CVE-2014-5272 MEDIUM

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg *
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
CVE-2014-7933 HIGH

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
google chrome *
ffmpeg ffmpeg *
CVE-2014-7937 HIGH

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
google chrome *
ffmpeg ffmpeg *
CVE-2014-8541 HIGH

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8542 HIGH

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2014-8543 HIGH

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8544 HIGH

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8545 HIGH

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8546 HIGH

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8547 HIGH

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8548 HIGH

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-8549 HIGH

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 1.1.11
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 1.1.3
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 1.0.1
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 1.1.7
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 0.11.1
ffmpeg ffmpeg 0.11.2
ffmpeg ffmpeg 1.0.3
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.11.4
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 0.8.0
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 1.1.2
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 1.1.1
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.0.2
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 0.11
ffmpeg ffmpeg 1.1.13
ffmpeg ffmpeg 1.2.1
ffmpeg ffmpeg 1.2
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 1.0.4
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.11.3
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 1.0
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 1.2.6
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 0.10.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 1.1.9
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 0.5.4.6
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 0.8.11
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg *
CVE-2014-9316 HIGH

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.3.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg *
CVE-2014-9317 HIGH

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.3.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg *
CVE-2014-9318 HIGH

The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.3.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg *
CVE-2014-9319 MEDIUM

The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.3.5
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg *
CVE-2014-9602 HIGH

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2014-9603 HIGH

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2014-9604 HIGH

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2014-9676 MEDIUM

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-1208 MEDIUM

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-1872 MEDIUM

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2015-3395 MEDIUM

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 2.2.2
ffmpeg ffmpeg 2.5.3
libav libav 11.3
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4.7
ffmpeg ffmpeg 2.2.11
ffmpeg ffmpeg 2.2.1
ffmpeg ffmpeg 2.4.5
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.6.0
ffmpeg ffmpeg 2.2.6
ffmpeg ffmpeg 2.4.6
ffmpeg ffmpeg 2.5.1
libav libav *
ffmpeg ffmpeg 2.4.2
libav libav 11.2
ffmpeg ffmpeg 2.2.14
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.4.4
ffmpeg ffmpeg 2.2.3
ffmpeg ffmpeg 2.2.10
libav libav 11.1
ffmpeg ffmpeg 2.2.0
ffmpeg ffmpeg 2.4.0
ffmpeg ffmpeg 2.6.1
ffmpeg ffmpeg 2.5.5
ffmpeg ffmpeg 2.0.6
ffmpeg ffmpeg 2.2.9
ffmpeg ffmpeg 2.2.5
ffmpeg ffmpeg 2.2.7
ffmpeg ffmpeg 2.2.12
libav libav 11.0
ffmpeg ffmpeg 2.5.4
ffmpeg ffmpeg 2.5.0
ffmpeg ffmpeg 2.2.8
ffmpeg ffmpeg 2.5.2
ffmpeg ffmpeg 2.2.13
CVE-2015-3417 MEDIUM

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2015-6761 MEDIUM

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
google chrome *
ffmpeg ffmpeg *
CVE-2015-6818 HIGH

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2015-6819 HIGH

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-6820 HIGH

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2015-6821 HIGH

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-6822 HIGH

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-6823 HIGH

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-6824 HIGH

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2015-6825 HIGH

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-6826 HIGH

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2015-8216 HIGH

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-8217 HIGH

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-8218 MEDIUM

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-8219 HIGH

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-8363 MEDIUM

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.7.1
ffmpeg ffmpeg 2.8.0
ffmpeg ffmpeg 2.8.1
ffmpeg ffmpeg 2.6.4
ffmpeg ffmpeg 2.7.0
ffmpeg ffmpeg 2.8.2
ffmpeg ffmpeg 2.7.2
CVE-2015-8364 MEDIUM

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 2.7.1
ffmpeg ffmpeg 2.8.0
ffmpeg ffmpeg 2.8.1
ffmpeg ffmpeg 2.6.4
ffmpeg ffmpeg 2.7.0
ffmpeg ffmpeg 2.8.2
ffmpeg ffmpeg 2.7.2
CVE-2015-8365 MEDIUM

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 2.7.1
ffmpeg ffmpeg 2.8.0
ffmpeg ffmpeg 2.8.1
ffmpeg ffmpeg 2.6.4
ffmpeg ffmpeg 2.7.0
ffmpeg ffmpeg 2.8.2
ffmpeg ffmpeg 2.7.2
CVE-2015-8661 HIGH

The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-8662 HIGH

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2015-8663 HIGH

The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.8.3
CVE-2016-10190 HIGH

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0.4
ffmpeg ffmpeg 3.0.1
ffmpeg ffmpeg 3.2
ffmpeg ffmpeg 3.0.3
ffmpeg ffmpeg 3.1.2
ffmpeg ffmpeg 3.1.5
ffmpeg ffmpeg 3.1.1
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 3.2.1
ffmpeg ffmpeg 3.0.2
ffmpeg ffmpeg 3.1.4
ffmpeg ffmpeg 3.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 3.1.3
CVE-2016-10191 HIGH

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0.4
ffmpeg ffmpeg 3.0.1
ffmpeg ffmpeg 3.2
ffmpeg ffmpeg 3.0.3
ffmpeg ffmpeg 3.1.2
ffmpeg ffmpeg 3.1.5
ffmpeg ffmpeg 3.1.1
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 3.2.1
ffmpeg ffmpeg 3.0.2
ffmpeg ffmpeg 3.1.4
ffmpeg ffmpeg 3.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 3.1.3
CVE-2016-10192 HIGH

Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0.4
ffmpeg ffmpeg 3.0.1
ffmpeg ffmpeg 3.2
ffmpeg ffmpeg 3.0.3
ffmpeg ffmpeg 3.1.2
ffmpeg ffmpeg 3.1.5
ffmpeg ffmpeg 3.1.1
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 3.2.1
ffmpeg ffmpeg 3.0.2
ffmpeg ffmpeg 3.1.4
ffmpeg ffmpeg 3.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 3.1.3
CVE-2016-1897 MEDIUM

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.5.3
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4.11
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.4.9
ffmpeg ffmpeg 2.2.11
ffmpeg ffmpeg 2.2.1
ffmpeg ffmpeg 2.4.5
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.4.10
ffmpeg ffmpeg 2.2.6
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 2.4.6
ffmpeg ffmpeg 2.6
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.2.14
ffmpeg ffmpeg 2.5
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.4.12
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 2.2.10
ffmpeg ffmpeg 2.6.1
ffmpeg ffmpeg 2.5.5
ffmpeg ffmpeg 2.0.6
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.2.12
ffmpeg ffmpeg 2.3.6
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 2.7.1
ffmpeg ffmpeg 2.8
ffmpeg ffmpeg 2.1.7
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.3.5
ffmpeg ffmpeg 2.2.8
ffmpeg ffmpeg 2.5.2
ffmpeg ffmpeg 2.7
ffmpeg ffmpeg 2.2.13
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 2.2.15
ffmpeg ffmpeg 2.5.6
ffmpeg ffmpeg 2.2.2
ffmpeg ffmpeg 2.5.7
ffmpeg ffmpeg 2.8.1
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 2.4.7
ffmpeg ffmpeg 2.8.2
ffmpeg ffmpeg 2.8.3
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 2.1.8
ffmpeg ffmpeg 2.5.9
ffmpeg ffmpeg 2.4.8
ffmpeg ffmpeg 2.7.4
ffmpeg ffmpeg 2.5.1
ffmpeg ffmpeg 2.6.4
ffmpeg ffmpeg 2.6.3
ffmpeg ffmpeg 2.6.5
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 2.6.2
ffmpeg ffmpeg 2.4.4
ffmpeg ffmpeg 2.0.7
ffmpeg ffmpeg 2.1.6
ffmpeg ffmpeg 2.2.3
ffmpeg ffmpeg 2.7.3
ffmpeg ffmpeg 2.2.9
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.2.5
ffmpeg ffmpeg 2.8.4
ffmpeg ffmpeg 2.7.2
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 2.2.7
ffmpeg ffmpeg 2.6.6
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.5.4
ffmpeg ffmpeg 2.3.1
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 2.0.5
opensuse leap 42.1
ffmpeg ffmpeg 2.5.8
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 2.2.16
CVE-2016-1898 MEDIUM

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.5.3
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.4.11
ffmpeg ffmpeg 2.0.1
ffmpeg ffmpeg 2.4.9
ffmpeg ffmpeg 2.2.11
ffmpeg ffmpeg 2.2.1
ffmpeg ffmpeg 2.4.5
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 2.4.1
ffmpeg ffmpeg 2.4.10
ffmpeg ffmpeg 2.2.6
ffmpeg ffmpeg 2.1.1
ffmpeg ffmpeg 2.4.6
ffmpeg ffmpeg 2.6
ffmpeg ffmpeg 2.1
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.2.14
ffmpeg ffmpeg 2.5
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.4.12
ffmpeg ffmpeg 2.1.5
ffmpeg ffmpeg 2.2.10
ffmpeg ffmpeg 2.6.1
ffmpeg ffmpeg 2.5.5
ffmpeg ffmpeg 2.0.6
ffmpeg ffmpeg 2.3
ffmpeg ffmpeg 2.2.12
ffmpeg ffmpeg 2.3.6
ffmpeg ffmpeg 2.0.3
ffmpeg ffmpeg 2.7.1
ffmpeg ffmpeg 2.8
ffmpeg ffmpeg 2.1.7
ffmpeg ffmpeg 2.3.2
ffmpeg ffmpeg 2.3.5
ffmpeg ffmpeg 2.2.8
ffmpeg ffmpeg 2.5.2
ffmpeg ffmpeg 2.7
ffmpeg ffmpeg 2.2.13
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 2.2.15
ffmpeg ffmpeg 2.5.6
ffmpeg ffmpeg 2.2.2
ffmpeg ffmpeg 2.5.7
ffmpeg ffmpeg 2.8.1
ffmpeg ffmpeg 2.4
ffmpeg ffmpeg 2.4.7
ffmpeg ffmpeg 2.8.2
ffmpeg ffmpeg 2.8.3
ffmpeg ffmpeg 2.0
ffmpeg ffmpeg 2.1.8
ffmpeg ffmpeg 2.5.9
ffmpeg ffmpeg 2.4.8
ffmpeg ffmpeg 2.7.4
ffmpeg ffmpeg 2.5.1
ffmpeg ffmpeg 2.6.4
ffmpeg ffmpeg 2.6.3
ffmpeg ffmpeg 2.6.5
ffmpeg ffmpeg 2.1.3
ffmpeg ffmpeg 2.6.2
ffmpeg ffmpeg 2.4.4
ffmpeg ffmpeg 2.0.7
ffmpeg ffmpeg 2.1.6
ffmpeg ffmpeg 2.2.3
ffmpeg ffmpeg 2.7.3
ffmpeg ffmpeg 2.2.9
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 2.2.5
ffmpeg ffmpeg 2.8.4
ffmpeg ffmpeg 2.7.2
ffmpeg ffmpeg 2.1.4
ffmpeg ffmpeg 2.2.7
ffmpeg ffmpeg 2.6.6
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.5.4
ffmpeg ffmpeg 2.3.1
ffmpeg ffmpeg 2.3.3
ffmpeg ffmpeg 2.3.4
ffmpeg ffmpeg 2.0.5
opensuse leap 42.1
ffmpeg ffmpeg 2.5.8
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 2.2.16
CVE-2016-2213 MEDIUM

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-2326 MEDIUM

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
debian debian_linux 8.0
ffmpeg ffmpeg *
debian debian_linux 7.0
CVE-2016-2327 MEDIUM

libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-2328 MEDIUM

libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-2329 MEDIUM

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse leap 42.1
ffmpeg ffmpeg *
CVE-2016-2330 MEDIUM

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
ffmpeg ffmpeg *
CVE-2016-3062 MEDIUM

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav *
opensuse leap 42.1
debian debian_linux *
ffmpeg ffmpeg *
CVE-2016-6164 HIGH

Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 3.0.1
ffmpeg ffmpeg 3.0.2
ffmpeg ffmpeg 3.1
ffmpeg ffmpeg *
CVE-2016-6671 MEDIUM

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-6881 MEDIUM

The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-6920 MEDIUM

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7122 MEDIUM

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7450 MEDIUM

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7502 MEDIUM

The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7555 MEDIUM

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7562 MEDIUM

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7785 MEDIUM

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-7905 MEDIUM

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-8595 MEDIUM

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2016-9561 MEDIUM

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-1000460 MEDIUM

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
google chrome *
libav libav 13_dev0
ffmpeg ffmpeg 3.4
CVE-2017-11399 MEDIUM

Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-11665 MEDIUM

The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.2
CVE-2017-11719 MEDIUM

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-14054 HIGH

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14055 HIGH

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14056 HIGH

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14057 HIGH

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14058 MEDIUM

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14059 HIGH

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14169 MEDIUM

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg 3.3.3
CVE-2017-14170 HIGH

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14171 HIGH

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14222 HIGH

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14223 HIGH

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg 3.3.3
CVE-2017-14225 MEDIUM

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3.3
CVE-2017-14767 MEDIUM

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-15186 MEDIUM

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-15672 MEDIUM

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2017-16840 HIGH

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 3.4
debian debian_linux 9.0
CVE-2017-17081 MEDIUM

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.4
CVE-2017-17555 MEDIUM

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg libswresample *
ffmpeg ffmpeg 3.4.1
aubio aubio 0.4.6
CVE-2017-7859 HIGH

FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-7862 HIGH

FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-7863 HIGH

FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2017-7865 HIGH

FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2017-7866 HIGH

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-9608 MEDIUM

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-9990 MEDIUM

Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2017-9991 MEDIUM

Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0.4
ffmpeg ffmpeg 3.0.6
ffmpeg ffmpeg 3.0.5
ffmpeg ffmpeg 3.1.6
ffmpeg ffmpeg 3.2.3
ffmpeg ffmpeg 3.0.7
ffmpeg ffmpeg 3.1.7
ffmpeg ffmpeg 3.0.1
ffmpeg ffmpeg 3.2
ffmpeg ffmpeg 3.0.3
ffmpeg ffmpeg 3.1.2
ffmpeg ffmpeg 3.1.5
ffmpeg ffmpeg 3.1.1
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 3.2.4
ffmpeg ffmpeg 3.3
ffmpeg ffmpeg 3.2.1
ffmpeg ffmpeg 3.0.2
ffmpeg ffmpeg 3.1.4
ffmpeg ffmpeg 3.2.2
ffmpeg ffmpeg 3.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 3.1.3
CVE-2017-9992 MEDIUM

Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2017-9993 MEDIUM

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2017-9994 MEDIUM

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2017-9995 MEDIUM

libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.3
CVE-2017-9996 MEDIUM

The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.0.5
ffmpeg ffmpeg 3.2.3
ffmpeg ffmpeg 2.8.1
ffmpeg ffmpeg 2.8.2
ffmpeg ffmpeg 2.8.3
ffmpeg ffmpeg 2.8.10
ffmpeg ffmpeg 2.8.6
ffmpeg ffmpeg 3.1.2
ffmpeg ffmpeg 2.8.7
ffmpeg ffmpeg 3.2.4
ffmpeg ffmpeg 2.8.5
ffmpeg ffmpeg 3.2.1
ffmpeg ffmpeg 2.8.11
ffmpeg ffmpeg 3.0.2
ffmpeg ffmpeg 3.1
ffmpeg ffmpeg 3.1.3
ffmpeg ffmpeg 3.0.4
ffmpeg ffmpeg 3.0.6
ffmpeg ffmpeg 3.1.6
ffmpeg ffmpeg 3.0.7
ffmpeg ffmpeg 3.1.7
ffmpeg ffmpeg 3.0.1
ffmpeg ffmpeg 3.2
ffmpeg ffmpeg 3.0.3
ffmpeg ffmpeg 2.8.4
ffmpeg ffmpeg 3.1.5
ffmpeg ffmpeg 3.1.1
ffmpeg ffmpeg 3.0
ffmpeg ffmpeg 2.8.8
ffmpeg ffmpeg 3.3
ffmpeg ffmpeg 2.8
ffmpeg ffmpeg 3.1.4
ffmpeg ffmpeg 3.2.2
ffmpeg ffmpeg 2.8.9
CVE-2018-10001 MEDIUM

The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
ffmpeg ffmpeg *
CVE-2018-12458 MEDIUM

An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.8
ffmpeg ffmpeg 4.0
debian debian_linux 9.0
CVE-2018-12459 MEDIUM

An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.0
CVE-2018-12460 MEDIUM

libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.0
CVE-2018-13300 MEDIUM

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
ffmpeg ffmpeg 4.0.1
CVE-2018-13301 MEDIUM

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.0.1
CVE-2018-13302 MEDIUM

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
debian debian_linux 9.0
ffmpeg ffmpeg 4.0.1
CVE-2018-13303 MEDIUM

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.0.1
CVE-2018-13304 MEDIUM

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.0.1
CVE-2018-13305 MEDIUM

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.0.1
CVE-2018-14394 MEDIUM

libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-14395 MEDIUM

libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.2
ffmpeg ffmpeg 4.0
debian debian_linux 9.0
CVE-2018-15822 MEDIUM

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 20.04
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
CVE-2018-1999010 HIGH

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2018-1999011 MEDIUM

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-1999012 HIGH

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-1999013 MEDIUM

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-1999014 MEDIUM

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-1999015 MEDIUM

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-6392 MEDIUM

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
ffmpeg ffmpeg *
CVE-2018-6621 MEDIUM

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2018-6912 MEDIUM

The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-7557 MEDIUM

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 8.0
ffmpeg ffmpeg *
CVE-2018-7751 MEDIUM

The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2018-9841 MEDIUM

The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2019-1000016 MEDIUM

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.1
CVE-2019-11338 MEDIUM

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.1.2
canonical ubuntu_linux 18.10
canonical ubuntu_linux 20.04
ffmpeg ffmpeg 3.4
debian debian_linux 9.0
debian debian_linux 8.0
novell suse_package_hub_for_suse_linux_enterprise 12
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
CVE-2019-11339 MEDIUM

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2019-12730 HIGH

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-908,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2019-13312 MEDIUM

block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.1.3
CVE-2019-13390 MEDIUM

In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.1.3
CVE-2019-15942 MEDIUM

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2019-17539 HIGH

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
debian debian_linux 9.0
debian debian_linux 10.0
ffmpeg ffmpeg *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2019-17542 HIGH

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
debian debian_linux 9.0
debian debian_linux 8.0
debian debian_linux 10.0
ffmpeg ffmpeg *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2019-9718 MEDIUM

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.2
canonical ubuntu_linux 18.10
debian debian_linux 9.0
ffmpeg ffmpeg 4.1
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
CVE-2019-9721 MEDIUM

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.2
canonical ubuntu_linux 18.10
ffmpeg ffmpeg 4.1
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
CVE-2020-12284 HIGH

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.2
canonical ubuntu_linux 20.04
ffmpeg ffmpeg 4.1
debian debian_linux 10.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2020-13904 MEDIUM

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.8
ffmpeg ffmpeg 4.2.3
canonical ubuntu_linux 20.04
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2020-14212 MEDIUM

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2020-20445 MEDIUM

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-20446 MEDIUM

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-20448 MEDIUM

FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.1.3
CVE-2020-20450 MEDIUM

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
CVE-2020-20451 MEDIUM

Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
CVE-2020-20453 MEDIUM

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-20891 MEDIUM

Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2020-20892 MEDIUM

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2020-20896 MEDIUM

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2020-20898 MEDIUM

Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2020-20902 MEDIUM

A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2020-21041 MEDIUM

Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
ffmpeg ffmpeg 4.1
debian debian_linux 10.0
CVE-2020-21688 MEDIUM

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
CVE-2020-21697 MEDIUM

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
CVE-2020-22015 MEDIUM

Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22016 MEDIUM

A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22017 MEDIUM

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22019 MEDIUM

Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22020 MEDIUM

Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22021 MEDIUM

Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22022 MEDIUM

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22023 MEDIUM

A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22024 MEDIUM

Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-22025 MEDIUM

A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22026 MEDIUM

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22027 MEDIUM

A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22028 MEDIUM

Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22029 MEDIUM

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22030 MEDIUM

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22031 MEDIUM

A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22032 MEDIUM

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22033 MEDIUM

A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22034 MEDIUM

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22035 MEDIUM

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 10.0
CVE-2020-22036 MEDIUM

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22037 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22038 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-22039 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-22040 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-22041 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
CVE-2020-22042 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 11.0
CVE-2020-22043 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-22044 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
CVE-2020-22046 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
CVE-2020-22048 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
CVE-2020-22049 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22051 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-22054 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-22056 MEDIUM

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-23906 MEDIUM

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2
CVE-2020-24020 MEDIUM

Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.3
CVE-2020-24995 MEDIUM

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 3.1.2
CVE-2020-35964 MEDIUM

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.3.1
CVE-2020-35965 MEDIUM

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
ffmpeg ffmpeg *
CVE-2020-36138

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.3
CVE-2021-28429

Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.3.2
CVE-2021-30123 MEDIUM

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.4
CVE-2021-33815 MEDIUM

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.4
CVE-2021-3566 MEDIUM

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
ffmpeg ffmpeg *
CVE-2021-38090 MEDIUM

Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2021-38091 MEDIUM

Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2021-38092 MEDIUM

Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2021-38093 MEDIUM

Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2021-38094 MEDIUM

Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.2.1
CVE-2021-38114 MEDIUM

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.4
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2021-38171 HIGH

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-252,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 4.4
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2021-38291 MEDIUM

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0
ffmpeg ffmpeg *
CVE-2022-1475 MEDIUM

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 5.0
ffmpeg ffmpeg *
CVE-2022-2566

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@google.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg 5.1
CVE-2022-3109

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 36
debian debian_linux 10.0
ffmpeg ffmpeg *
CVE-2022-3341

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.

Products Affected

Vendor Product Version
debian debian_linux 10.0
ffmpeg ffmpeg *
CVE-2022-3964

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2022-3965

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2022-48434

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2023-46407

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1
ffmpeg ffmpeg *
CVE-2023-47470

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1
ffmpeg ffmpeg *
CVE-2023-49501

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
ffmpeg ffmpeg 6.1
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2023-49502

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2023-49528

Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
ffmpeg ffmpeg 6.1
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2023-50007

FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2023-50008

FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2023-50009

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2023-50010

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2023-51791

Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
fedoraproject fedora 39
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
fedoraproject fedora 40
fedoraproject fedora 38
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-51793

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-51794

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-51795

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
fedoraproject fedora 39
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
fedoraproject fedora 40
fedoraproject fedora 38
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-51796

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
fedoraproject fedora 39
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
fedoraproject fedora 40
fedoraproject fedora 38
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-51797

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
fedoraproject fedora 39
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
fedoraproject fedora 40
fedoraproject fedora 38
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-51798

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0.2
ffmpeg ffmpeg 7.1.2
ffmpeg ffmpeg 7.1
ffmpeg ffmpeg 7.1.3
fedoraproject fedora 39
ffmpeg ffmpeg 8.0
ffmpeg ffmpeg 7.0.3
ffmpeg ffmpeg 7.1.1
fedoraproject fedora 40
fedoraproject fedora 38
ffmpeg ffmpeg 7.0.1
ffmpeg ffmpeg 7.2
ffmpeg ffmpeg 8.0.1
ffmpeg ffmpeg 8.1
ffmpeg ffmpeg 7.0
CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N 2.8 1.4
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2023-6602

A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2023-6603

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2023-6604

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
patrick@puiterwijk.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2023-6605

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7
patrick@puiterwijk.org 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2024-22860

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1
ffmpeg ffmpeg *
CVE-2024-22861

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1
ffmpeg ffmpeg *
CVE-2024-22862

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1
ffmpeg ffmpeg *
CVE-2024-31578

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2024-31581

FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.

Products Affected

Vendor Product Version
fedoraproject fedora 38
ffmpeg ffmpeg 6.1
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2024-31582

FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2024-31585

FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
ffmpeg ffmpeg *
fedoraproject fedora 40
CVE-2024-32228

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0
CVE-2024-32229

FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0
CVE-2024-32230

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0
CVE-2024-35365

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-35367

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-35368

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0
CVE-2024-35369

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-36613

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.0
CVE-2024-36616

An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-36617

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2024-36618

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-36619

FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg 6.1.1
CVE-2024-55069

ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.1
CVE-2024-7055 HIGH

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-0518

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

Products Affected

Vendor Product Version
ffmpeg ffmpeg 7.1
CVE-2025-10256

A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-12343

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
patrick@puiterwijk.org 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-1373 LOW

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-1594 HIGH

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-121,CWE-787,

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-25468

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-25469

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
ffmpeg ffmpeg *
CVE-2025-63757

Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
ffmpeg ffmpeg 8