MidnightBSD

Advisories for libav

CVE-2011-1931 MEDIUM

sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.3.4
videolan vlc_media_player 0.5.0
videolan vlc_media_player 0.4.0
ffmpeg ffmpeg 0.3.1
videolan vlc_media_player 0.2.73
ffmpeg ffmpeg 0.5.2
libav libav *
videolan vlc_media_player 1.1.4.1
videolan vlc_media_player 0.2.63
videolan vlc_media_player 0.5.2
videolan vlc_media_player 0.8.6
videolan vlc_media_player 0.9.8a
videolan vlc_media_player 1.0.2
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
videolan vlc_media_player 0.4.5
libav libav 0.3
videolan vlc_media_player 0.6.2
videolan vlc_media_player 0.4.1
videolan vlc_media_player 1.1.7
ffmpeg ffmpeg 0.5.1
videolan vlc_media_player 0.1.99g
videolan vlc_media_player 1.0.4
videolan vlc_media_player 1.0.3
ffmpeg ffmpeg 0.4.9
videolan vlc_media_player 0.1.99i
videolan vlc_media_player 0.4.4
videolan vlc_media_player 1.1.0
libav libav 0.4.8
libav libav 0.4.9
videolan vlc_media_player 0.5.1
videolan vlc_media_player 1.1.8
videolan vlc_media_player 0.2.70
videolan vlc_media_player 0.2.71
videolan vlc_media_player 0.6.1
videolan vlc_media_player 0.3.0
videolan vlc_media_player 0.9.6
videolan vlc_media_player 1.0.5
libav libav 0.6
videolan vlc_media_player 0.6.0
videolan vlc_media_player 1.1.2
ffmpeg ffmpeg 0.4.6
libav libav 0.4.0
videolan vlc_media_player 1.1.3
ffmpeg ffmpeg 0.4.2
libav libav 0.4.6
videolan vlc_media_player 0.1.99b
videolan vlc_media_player 1.1.1
ffmpeg ffmpeg 0.4.4
videolan vlc_media_player 1.1.6
videolan vlc_media_player 0.2.60
videolan vlc_media_player 0.9.9
videolan vlc_media_player 0.2.61
ffmpeg ffmpeg 0.4.7
videolan vlc_media_player 0.2.90
libav libav 0.5.4
ffmpeg ffmpeg 0.6.1
videolan vlc_media_player 1.0.1
videolan vlc_media_player 0.4.6
libav libav 0.6.1
videolan vlc_media_player 1.0.0
videolan vlc_media_player 0.2.80
videolan vlc_media_player 0.2.82
videolan vlc_media_player 0.8.5
videolan vlc_media_player 0.2.81
libav libav 0.4.4
ffmpeg ffmpeg 0.4.8
videolan vlc_media_player *
videolan vlc_media_player 0.9.2
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
videolan vlc_media_player 0.1.99h
videolan vlc_media_player 0.7.2
libav libav 0.4.1
libav libav 0.3.1
ffmpeg ffmpeg *
videolan vlc_media_player 0.9.5
videolan vlc_media_player 1.1.5
videolan vlc_media_player 0.9.4
ffmpeg ffmpeg 0.3
videolan vlc_media_player 0.9.10
ffmpeg ffmpeg 0.4.3
videolan vlc_media_player 0.8.4
videolan vlc_media_player 0.4.3
ffmpeg ffmpeg 0.4.5
libav libav 0.5
videolan vlc_media_player 0.1.99f
videolan vlc_media_player 0.2.83
videolan vlc_media_player 0.8.0
libav libav 0.3.2
videolan vlc_media_player 1.0.6
libav libav 0.4.5
videolan vlc_media_player 0.7.0
videolan vlc_media_player 0.2.0
videolan vlc_media_player 0.9.3
videolan vlc_media_player 0.5.3
videolan vlc_media_player 0.2.72
videolan vlc_media_player 0.1.99e
videolan vlc_media_player 0.4.2
videolan vlc_media_player 0.8.1
videolan vlc_media_player 0.8.2
libav libav 0.3.3
videolan vlc_media_player 0.2.91
videolan vlc_media_player 0.2.62
videolan vlc_media_player 0.2.92
libav libav 0.4.3
ffmpeg ffmpeg 0.3.4
libav libav 0.4.2
videolan vlc_media_player 1.1.4
videolan vlc_media_player 0.3.1
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.5.4
libav libav 0.4.7
CVE-2011-3362 MEDIUM

Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 0.3.4
libav libav 0.6.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
libav libav 0.4.4
ffmpeg ffmpeg 0.5.2
libav libav *
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
libav libav 0.3
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
libav libav 0.4.1
libav libav 0.3.1
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.7
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.5
libav libav 0.4.8
libav libav 0.4.9
libav libav 0.3.2
libav libav 0.4.5
libav libav 0.6
ffmpeg ffmpeg 0.4.6
libav libav 0.4.0
ffmpeg ffmpeg 0.4.2
libav libav 0.4.6
libav libav 0.3.3
ffmpeg ffmpeg 0.4.4
libav libav 0.4.3
ffmpeg ffmpeg 0.3.4
libav libav 0.4.2
ffmpeg ffmpeg 0.4.7
libav libav 0.5.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
libav libav 0.4.7
CVE-2011-3929 MEDIUM

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2011-3936 MEDIUM

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libav libav 0.6.1
ffmpeg ffmpeg 0.8.2
libav libav 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2011-3937 HIGH

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
libav libav 0.5.8
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
libav libav 0.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.5.7
libav libav 0.7.4
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.5.5
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
libav libav 0.6
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.4.7
libav libav 0.5.4
libav libav 0.6.4
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2011-3940 MEDIUM

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2011-3945 MEDIUM

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
ffmpeg ffmpeg 0.8.2
libav libav 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
ffmpeg ffmpeg 0.8.1
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2011-3947 MEDIUM

Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2011-3951 MEDIUM

The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
libav libav 0.5.3
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.11
libav libav 0.5.7
libav libav 0.7.4
ffmpeg ffmpeg 0.7.12
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2011-3952 MEDIUM

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
libav libav 0.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
ffmpeg ffmpeg 0.8.2
libav libav 0.6
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2011-4352 MEDIUM

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 0.6.1
ffmpeg ffmpeg 0.8.2
libav libav 0.7.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7.5
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
libav libav 0.5.5
ffmpeg ffmpeg 0.6.3
libav libav 0.5.4
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.5
libav libav 0.5.1
CVE-2011-4364 MEDIUM

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
ffmpeg ffmpeg 0.8.2
libav libav 0.7.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.7.5
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.1
libav libav 0.5.5
ffmpeg ffmpeg 0.6.3
libav libav 0.5.4
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
CVE-2011-4579 MEDIUM

The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
ffmpeg ffmpeg 0.8.2
libav libav 0.7.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.5.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.1
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
CVE-2012-0851 MEDIUM

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
libav libav 0.5.3
libav libav 0.7.5
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.11
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.8.2
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2012-0852 MEDIUM

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
libav libav 0.5.3
libav libav 0.7.5
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.8.11
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.8.2
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2012-0853 MEDIUM

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libav libav 0.6.1
ffmpeg ffmpeg 0.8.2
libav libav 0.7.1
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
ffmpeg ffmpeg 0.8.1
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
ffmpeg ffmpeg 0.8.0
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2012-0858 MEDIUM

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.1
ffmpeg ffmpeg 0.8.8
libav libav 0.6
ffmpeg ffmpeg 0.7.1
libav libav 0.6.3
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.8.7
libav libav 0.5.6
ffmpeg ffmpeg 0.7.6
libav libav 0.5.3
ffmpeg ffmpeg 0.7.2
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.7.7
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
ffmpeg ffmpeg 0.8.10
libav libav 0.7.3
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.8.6
libav libav 0.5
libav libav 0.5.1
libav libav 0.8
CVE-2012-0947 MEDIUM

Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.7.5
libav libav 0.7.1
libav libav 0.7.2
libav libav 0.5.7
libav libav 0.7.4
libav libav 0.8.1
libav libav 0.6
libav libav 0.5.5
libav libav 0.5.4
libav libav 0.6.3
libav libav 0.6.4
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.5.2
libav libav 0.7.3
libav libav 0.5
libav libav 0.5.1
libav libav 0.5.6
libav libav 0.8
libav libav 0.5.3
CVE-2012-2772 HIGH

Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2775 HIGH

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2776 HIGH

Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2012-2777 HIGH

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2779 HIGH

Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2783 HIGH

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
libav libav 0.8.4
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2784 HIGH

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2786 HIGH

Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2787 HIGH

Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2012-2788 HIGH

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2789 HIGH

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2790 HIGH

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2791 HIGH

Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
libav libav 0.8.4
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2793 HIGH

Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2794 HIGH

Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2796 HIGH

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2012-2797 HIGH

Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
libav libav 0.8.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2012-2798 HIGH

Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2800 HIGH

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2801 HIGH

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2802 HIGH

Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2012-2803 HIGH

Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.7.1
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.7.4
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.7
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
libav libav 0.7.3
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
libav libav 0.7.5
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
libav libav 0.8.4
ffmpeg ffmpeg 0.7.4
libav libav 0.7.2
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
libav libav 0.7.6
CVE-2012-2804 HIGH

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.6.2
ffmpeg ffmpeg 0.7.3
ffmpeg ffmpeg 0.7
ffmpeg ffmpeg 0.5.2
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.6
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.9
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.8.11
libav libav 0.8.1
ffmpeg ffmpeg 0.7.12
ffmpeg ffmpeg 0.8.1
ffmpeg ffmpeg 0.8.5.4
ffmpeg ffmpeg 0.6.3
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.8.0
libav libav 0.8.2
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.5.4.6
libav libav 0.8
ffmpeg ffmpeg 0.8.2
ffmpeg ffmpeg 0.7.5
ffmpeg ffmpeg 0.9.1
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.5.3
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.10.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.5.4.5
ffmpeg ffmpeg 0.7.2
libav libav 0.8.4
ffmpeg ffmpeg 0.7.4
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.10
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.8.10
ffmpeg ffmpeg 0.7.9
CVE-2012-5144 HIGH

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.8.3
google chrome 23.0.1271.37
canonical ubuntu_linux 11.10
google chrome 23.0.1271.13
libav libav 0.7.1
google chrome 23.0.1271.6
google chrome 23.0.1271.1
google chrome 23.0.1271.44
google chrome 23.0.1271.21
google chrome 23.0.1271.92
canonical ubuntu_linux 12.10
google chrome 23.0.1271.59
google chrome 23.0.1271.20
google chrome 23.0.1271.2
google chrome 23.0.1271.46
google chrome 23.0.1271.31
google chrome 23.0.1271.8
google chrome 23.0.1271.85
google chrome 23.0.1271.4
google chrome 23.0.1271.14
google chrome 23.0.1271.23
libav libav 0.7.4
libav libav 0.8.1
google chrome 23.0.1271.9
google chrome 23.0.1271.19
google chrome 23.0.1271.83
google chrome 23.0.1271.11
google chrome 23.0.1271.60
google chrome 23.0.1271.32
libav libav 0.7
libav libav 0.8.2
google chrome 23.0.1271.58
libav libav 0.7.3
google chrome 23.0.1271.35
google chrome 23.0.1271.12
google chrome 23.0.1271.10
google chrome 23.0.1271.86
libav libav 0.8
google chrome 23.0.1271.41
google chrome 23.0.1271.3
google chrome 23.0.1271.24
google chrome 23.0.1271.57
google chrome 23.0.1271.17
opensuse opensuse 12.2
google chrome 23.0.1271.89
google chrome 23.0.1271.95
google chrome 23.0.1271.45
google chrome 23.0.1271.7
google chrome 23.0.1271.50
google chrome 23.0.1271.55
google chrome 23.0.1271.64
google chrome 23.0.1271.30
google chrome 23.0.1271.52
google chrome 23.0.1271.49
google chrome 23.0.1271.56
google chrome 23.0.1271.22
google chrome 23.0.1271.39
google chrome 23.0.1271.0
google chrome 23.0.1271.15
google chrome 23.0.1271.91
google chrome 23.0.1271.51
google chrome 23.0.1271.36
google chrome 23.0.1271.62
google chrome 23.0.1271.54
libav libav 0.7.5
canonical ubuntu_linux 12.04
google chrome 23.0.1271.84
libav libav 0.8.4
google chrome 23.0.1271.87
google chrome *
libav libav 0.7.2
google chrome 23.0.1271.38
google chrome 23.0.1271.16
google chrome 23.0.1271.33
google chrome 23.0.1271.88
google chrome 23.0.1271.93
google chrome 23.0.1271.26
google chrome 23.0.1271.18
google chrome 23.0.1271.5
google chrome 23.0.1271.61
google chrome 23.0.1271.40
google chrome 23.0.1271.53
libav libav 0.7.6
google chrome 23.0.1271.94
opensuse opensuse 12.1
CVE-2014-3984 HIGH

Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 0.8.3
libav libav 0.8.6
libav libav 0.8.4
libav libav *
libav libav 0.8.5
libav libav 0.8.1
libav libav 0.8.2
libav libav 0.8.9
libav libav 0.8.7
libav libav 0.8.10
libav libav 0.8
libav libav 0.8.8
CVE-2014-4609 MEDIUM

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libav libav *
CVE-2014-5271 HIGH

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 0.6.1
libav libav 0.8.3
ffmpeg ffmpeg 1.1.11
libav libav 0.7.1
libav libav *
libav libav 0.8.5
ffmpeg ffmpeg 1.2.7
ffmpeg ffmpeg 1.2.3
ffmpeg ffmpeg 2.1.5
libav libav 10.3
ffmpeg ffmpeg 1.1.9
libav libav 0.8.12
libav libav 0.6.3
ffmpeg ffmpeg 1.1
ffmpeg ffmpeg 1.1.2
libav libav 0.5.8
ffmpeg ffmpeg 2.0.4
ffmpeg ffmpeg 2.1.3
libav libav 0.5.3
ffmpeg ffmpeg 1.2.5
ffmpeg ffmpeg 2.3
libav libav 10.1
ffmpeg ffmpeg 1.1.12
ffmpeg ffmpeg *
libav libav 0.5.7
libav libav 0.8.11
libav libav 0.7.4
libav libav 0.8.1
libav libav 0.5.5
ffmpeg ffmpeg 2.1
libav libav 0.6.2
libav libav 0.6.5
libav libav 0.7
libav libav 0.8.2
libav libav 0.5.2
ffmpeg ffmpeg 2.1.4
libav libav 0.7.3
ffmpeg ffmpeg 1.1.1
libav libav 0.5
ffmpeg ffmpeg 1.2
libav libav 0.5.1
libav libav 0.8
ffmpeg ffmpeg 1.1.8
ffmpeg ffmpeg 2.0.1
libav libav 0.8.6
ffmpeg ffmpeg 1.1.5
ffmpeg ffmpeg 1.1.4
ffmpeg ffmpeg 2.0
libav libav 0.6
ffmpeg ffmpeg 2.1.2
ffmpeg ffmpeg 2.0.5
ffmpeg ffmpeg 1.1.10
ffmpeg ffmpeg 1.2.1
libav libav 0.8.9
ffmpeg ffmpeg 1.1.3
libav libav 0.8.7
ffmpeg ffmpeg 1.2.6
libav libav 0.8.10
libav libav 0.5.6
ffmpeg ffmpeg 1.1.6
ffmpeg ffmpeg 2.3.2
libav libav 0.8.8
ffmpeg ffmpeg 2.1.1
libav libav 0.7.5
libav libav 0.8.4
libav libav 0.7.2
ffmpeg ffmpeg 2.2
ffmpeg ffmpeg 1.1.7
libav libav 0.5.4
libav libav 0.6.4
ffmpeg ffmpeg 2.0.2
ffmpeg ffmpeg 1.2.4
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.0.3
libav libav 10.2
libav libav 0.7.6
CVE-2015-3395 MEDIUM

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 2.4.1
libav libav 11.2
ffmpeg ffmpeg 2.5.0
ffmpeg ffmpeg 2.5.4
libav libav *
ffmpeg ffmpeg 2.2.7
ffmpeg ffmpeg 2.2.9
ffmpeg ffmpeg 2.2.10
libav libav 11.1
ffmpeg ffmpeg 2.2.8
ffmpeg ffmpeg 2.5.2
ffmpeg ffmpeg 2.2.5
ffmpeg ffmpeg 2.4.7
ffmpeg ffmpeg 2.2.6
ffmpeg ffmpeg 2.2.11
ffmpeg ffmpeg 2.4.6
ffmpeg ffmpeg 2.2.3
ffmpeg ffmpeg 2.2.13
ffmpeg ffmpeg 2.2.0
ffmpeg ffmpeg 2.6.0
ffmpeg ffmpeg 2.2.1
libav libav 11.0
canonical ubuntu_linux 12.04
ffmpeg ffmpeg 2.4.0
ffmpeg ffmpeg 2.0.6
ffmpeg ffmpeg 2.4.4
ffmpeg ffmpeg 2.2.14
ffmpeg ffmpeg 2.4.5
ffmpeg ffmpeg 2.5.5
ffmpeg ffmpeg 2.5.3
libav libav 11.3
ffmpeg ffmpeg 2.4.3
ffmpeg ffmpeg 2.6.1
ffmpeg ffmpeg 2.2.2
ffmpeg ffmpeg 2.2.12
ffmpeg ffmpeg 2.2.4
ffmpeg ffmpeg 2.4.2
ffmpeg ffmpeg 2.5.1
CVE-2015-5479 MEDIUM

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
opensuse leap 42.1
libav libav *
ubuntu ubuntu 12.04
CVE-2016-3062 MEDIUM

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse leap 42.1
ffmpeg ffmpeg *
debian debian_linux *
libav libav *
CVE-2016-6832 MEDIUM

Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav *
CVE-2016-7393 MEDIUM

Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav *
CVE-2016-7424 MEDIUM

The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libav libav *
CVE-2016-7477 MEDIUM

The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav 11.7
CVE-2016-7499 MEDIUM

The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libav libav 11.7
CVE-2016-8675 MEDIUM

The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav *
CVE-2016-8676 MEDIUM

The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav *
CVE-2016-9819 MEDIUM

libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9820 MEDIUM

libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9821 MEDIUM

Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9822 MEDIUM

Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9823 MEDIUM

libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9824 MEDIUM

Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9825 MEDIUM

libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2016-9826 MEDIUM

libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libav libav 11.8
CVE-2017-1000460 MEDIUM

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
google chrome *
ffmpeg ffmpeg 3.4
libav libav 13_dev0
CVE-2017-11684 MEDIUM

There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 12.1
CVE-2017-16803 MEDIUM

In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.1
libav libav *
libav libav 12.0
CVE-2017-17127 MEDIUM

The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-17128 MEDIUM

The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-17129 MEDIUM

The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-17130 MEDIUM

The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-18242 MEDIUM

The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-18243 MEDIUM

The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-18244 MEDIUM

The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-18245 MEDIUM

The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-18246 MEDIUM

The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-18247 MEDIUM

The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav 12.2
CVE-2017-5984 MEDIUM

In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 9.21
CVE-2017-7206 MEDIUM

The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 9.21
CVE-2017-7208 MEDIUM

The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 9.21
CVE-2017-9051 HIGH

libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav *
CVE-2017-9987 MEDIUM

There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.1
CVE-2018-11102 MEDIUM

An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-11224 MEDIUM

An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-18826 MEDIUM

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-18827 MEDIUM

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-18828 MEDIUM

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-18829 MEDIUM

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-19128 MEDIUM

In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-19129 MEDIUM

In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-19130 MEDIUM

In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-20001 MEDIUM

In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2018-5684 MEDIUM

In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav *
CVE-2018-5766 MEDIUM

In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libav libav *
CVE-2019-14371 MEDIUM

An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2019-14372 MEDIUM

In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2019-14441 MEDIUM

An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2019-14442 HIGH

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libav libav 12.3
CVE-2019-14443 MEDIUM

An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libav libav 12.3
CVE-2019-9717 HIGH

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
libav libav *
CVE-2019-9719 MEDIUM

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libav libav *
CVE-2019-9720 HIGH

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libav libav *
CVE-2020-18775 MEDIUM

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2020-18776 MEDIUM

In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2020-18778 MEDIUM

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libav libav 12.3
CVE-2025-8584 LOW

A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,

Products Affected

Vendor Product Version
libav libav *
CVE-2025-8585 MEDIUM

A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-415,

Products Affected

Vendor Product Version
libav libav *
CVE-2025-8586 LOW

A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,

Products Affected

Vendor Product Version
libav libav *