sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.3.4 |
| videolan | vlc_media_player | 0.5.0 |
| videolan | vlc_media_player | 0.4.0 |
| ffmpeg | ffmpeg | 0.3.1 |
| videolan | vlc_media_player | 0.2.73 |
| ffmpeg | ffmpeg | 0.5.2 |
| libav | libav | * |
| videolan | vlc_media_player | 1.1.4.1 |
| videolan | vlc_media_player | 0.2.63 |
| videolan | vlc_media_player | 0.5.2 |
| videolan | vlc_media_player | 0.8.6 |
| videolan | vlc_media_player | 0.9.8a |
| videolan | vlc_media_player | 1.0.2 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| videolan | vlc_media_player | 0.4.5 |
| libav | libav | 0.3 |
| videolan | vlc_media_player | 0.6.2 |
| videolan | vlc_media_player | 0.4.1 |
| videolan | vlc_media_player | 1.1.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| videolan | vlc_media_player | 0.1.99g |
| videolan | vlc_media_player | 1.0.4 |
| videolan | vlc_media_player | 1.0.3 |
| ffmpeg | ffmpeg | 0.4.9 |
| videolan | vlc_media_player | 0.1.99i |
| videolan | vlc_media_player | 0.4.4 |
| videolan | vlc_media_player | 1.1.0 |
| libav | libav | 0.4.8 |
| libav | libav | 0.4.9 |
| videolan | vlc_media_player | 0.5.1 |
| videolan | vlc_media_player | 1.1.8 |
| videolan | vlc_media_player | 0.2.70 |
| videolan | vlc_media_player | 0.2.71 |
| videolan | vlc_media_player | 0.6.1 |
| videolan | vlc_media_player | 0.3.0 |
| videolan | vlc_media_player | 0.9.6 |
| videolan | vlc_media_player | 1.0.5 |
| libav | libav | 0.6 |
| videolan | vlc_media_player | 0.6.0 |
| videolan | vlc_media_player | 1.1.2 |
| ffmpeg | ffmpeg | 0.4.6 |
| libav | libav | 0.4.0 |
| videolan | vlc_media_player | 1.1.3 |
| ffmpeg | ffmpeg | 0.4.2 |
| libav | libav | 0.4.6 |
| videolan | vlc_media_player | 0.1.99b |
| videolan | vlc_media_player | 1.1.1 |
| ffmpeg | ffmpeg | 0.4.4 |
| videolan | vlc_media_player | 1.1.6 |
| videolan | vlc_media_player | 0.2.60 |
| videolan | vlc_media_player | 0.9.9 |
| videolan | vlc_media_player | 0.2.61 |
| ffmpeg | ffmpeg | 0.4.7 |
| videolan | vlc_media_player | 0.2.90 |
| libav | libav | 0.5.4 |
| ffmpeg | ffmpeg | 0.6.1 |
| videolan | vlc_media_player | 1.0.1 |
| videolan | vlc_media_player | 0.4.6 |
| libav | libav | 0.6.1 |
| videolan | vlc_media_player | 1.0.0 |
| videolan | vlc_media_player | 0.2.80 |
| videolan | vlc_media_player | 0.2.82 |
| videolan | vlc_media_player | 0.8.5 |
| videolan | vlc_media_player | 0.2.81 |
| libav | libav | 0.4.4 |
| ffmpeg | ffmpeg | 0.4.8 |
| videolan | vlc_media_player | * |
| videolan | vlc_media_player | 0.9.2 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| videolan | vlc_media_player | 0.1.99h |
| videolan | vlc_media_player | 0.7.2 |
| libav | libav | 0.4.1 |
| libav | libav | 0.3.1 |
| ffmpeg | ffmpeg | * |
| videolan | vlc_media_player | 0.9.5 |
| videolan | vlc_media_player | 1.1.5 |
| videolan | vlc_media_player | 0.9.4 |
| ffmpeg | ffmpeg | 0.3 |
| videolan | vlc_media_player | 0.9.10 |
| ffmpeg | ffmpeg | 0.4.3 |
| videolan | vlc_media_player | 0.8.4 |
| videolan | vlc_media_player | 0.4.3 |
| ffmpeg | ffmpeg | 0.4.5 |
| libav | libav | 0.5 |
| videolan | vlc_media_player | 0.1.99f |
| videolan | vlc_media_player | 0.2.83 |
| videolan | vlc_media_player | 0.8.0 |
| libav | libav | 0.3.2 |
| videolan | vlc_media_player | 1.0.6 |
| libav | libav | 0.4.5 |
| videolan | vlc_media_player | 0.7.0 |
| videolan | vlc_media_player | 0.2.0 |
| videolan | vlc_media_player | 0.9.3 |
| videolan | vlc_media_player | 0.5.3 |
| videolan | vlc_media_player | 0.2.72 |
| videolan | vlc_media_player | 0.1.99e |
| videolan | vlc_media_player | 0.4.2 |
| videolan | vlc_media_player | 0.8.1 |
| videolan | vlc_media_player | 0.8.2 |
| libav | libav | 0.3.3 |
| videolan | vlc_media_player | 0.2.91 |
| videolan | vlc_media_player | 0.2.62 |
| videolan | vlc_media_player | 0.2.92 |
| libav | libav | 0.4.3 |
| ffmpeg | ffmpeg | 0.3.4 |
| libav | libav | 0.4.2 |
| videolan | vlc_media_player | 1.1.4 |
| videolan | vlc_media_player | 0.3.1 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.5.4 |
| libav | libav | 0.4.7 |
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.3.4 |
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| libav | libav | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.2 |
| libav | libav | * |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| libav | libav | 0.3 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| libav | libav | 0.4.1 |
| libav | libav | 0.3.1 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.7 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.5 |
| libav | libav | 0.4.8 |
| libav | libav | 0.4.9 |
| libav | libav | 0.3.2 |
| libav | libav | 0.4.5 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.4.6 |
| libav | libav | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.2 |
| libav | libav | 0.4.6 |
| libav | libav | 0.3.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.4.3 |
| ffmpeg | ffmpeg | 0.3.4 |
| libav | libav | 0.4.2 |
| ffmpeg | ffmpeg | 0.4.7 |
| libav | libav | 0.5.4 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| libav | libav | 0.4.7 |
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| libav | libav | 0.5.8 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| libav | libav | 0.5.5 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.4.7 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| ffmpeg | ffmpeg | 0.8.1 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.12 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| libav | libav | 0.5.5 |
| ffmpeg | ffmpeg | 0.6.3 |
| libav | libav | 0.5.4 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.5.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.8.1 |
| libav | libav | 0.5.5 |
| ffmpeg | ffmpeg | 0.6.3 |
| libav | libav | 0.5.4 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.5.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.8.1 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| libav | libav | 0.5.3 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| libav | libav | 0.5.3 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| ffmpeg | ffmpeg | 0.8.2 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| ffmpeg | ffmpeg | 0.8.1 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.8.8 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 0.7.1 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.8.7 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 0.7.6 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.7.7 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.10 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.7.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.7.5 |
| libav | libav | 0.7.1 |
| libav | libav | 0.7.2 |
| libav | libav | 0.5.7 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| libav | libav | 0.6 |
| libav | libav | 0.5.5 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.3 |
| libav | libav | 0.6.4 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.5.2 |
| libav | libav | 0.7.3 |
| libav | libav | 0.5 |
| libav | libav | 0.5.1 |
| libav | libav | 0.5.6 |
| libav | libav | 0.8 |
| libav | libav | 0.5.3 |
Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.8.4 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.8.4 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.8.4 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.7.1 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| libav | libav | 0.7.5 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.8.4 |
| ffmpeg | ffmpeg | 0.7.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
| libav | libav | 0.7.6 |
Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 0.3.1 |
| ffmpeg | ffmpeg | 0.6.2 |
| ffmpeg | ffmpeg | 0.7.3 |
| ffmpeg | ffmpeg | 0.7 |
| ffmpeg | ffmpeg | 0.5.2 |
| ffmpeg | ffmpeg | 0.8.8 |
| ffmpeg | ffmpeg | 0.7.1 |
| ffmpeg | ffmpeg | 0.6 |
| ffmpeg | ffmpeg | 0.4.0 |
| ffmpeg | ffmpeg | 0.4.8 |
| ffmpeg | ffmpeg | 0.7.8 |
| ffmpeg | ffmpeg | 0.9 |
| ffmpeg | ffmpeg | 0.3.2 |
| ffmpeg | ffmpeg | 0.5.3 |
| ffmpeg | ffmpeg | 0.8.7 |
| ffmpeg | ffmpeg | 0.5.1 |
| ffmpeg | ffmpeg | * |
| ffmpeg | ffmpeg | 0.8.11 |
| libav | libav | 0.8.1 |
| ffmpeg | ffmpeg | 0.7.12 |
| ffmpeg | ffmpeg | 0.8.1 |
| ffmpeg | ffmpeg | 0.8.5.4 |
| ffmpeg | ffmpeg | 0.6.3 |
| ffmpeg | ffmpeg | 0.3 |
| ffmpeg | ffmpeg | 0.4.3 |
| ffmpeg | ffmpeg | 0.8.0 |
| libav | libav | 0.8.2 |
| ffmpeg | ffmpeg | 0.4.5 |
| ffmpeg | ffmpeg | 0.4.9 |
| ffmpeg | ffmpeg | 0.8.6 |
| ffmpeg | ffmpeg | 0.5.4.6 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 0.8.2 |
| ffmpeg | ffmpeg | 0.7.5 |
| ffmpeg | ffmpeg | 0.9.1 |
| ffmpeg | ffmpeg | 0.8.5 |
| ffmpeg | ffmpeg | 0.8.5.3 |
| ffmpeg | ffmpeg | 0.4.6 |
| ffmpeg | ffmpeg | 0.4.2 |
| ffmpeg | ffmpeg | 0.7.6 |
| ffmpeg | ffmpeg | 0.10.3 |
| ffmpeg | ffmpeg | 0.4.4 |
| ffmpeg | ffmpeg | 0.5.4.5 |
| ffmpeg | ffmpeg | 0.7.2 |
| libav | libav | 0.8.4 |
| ffmpeg | ffmpeg | 0.7.4 |
| ffmpeg | ffmpeg | 0.7.11 |
| ffmpeg | ffmpeg | 0.3.4 |
| ffmpeg | ffmpeg | 0.7.7 |
| ffmpeg | ffmpeg | 0.10 |
| ffmpeg | ffmpeg | 0.4.7 |
| ffmpeg | ffmpeg | 0.3.3 |
| ffmpeg | ffmpeg | 0.5 |
| ffmpeg | ffmpeg | 0.6.1 |
| ffmpeg | ffmpeg | 0.5.4 |
| ffmpeg | ffmpeg | 0.8.10 |
| ffmpeg | ffmpeg | 0.7.9 |
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| chrome | 23.0.1271.37 | |
| canonical | ubuntu_linux | 11.10 |
| chrome | 23.0.1271.13 | |
| libav | libav | 0.7.1 |
| chrome | 23.0.1271.6 | |
| chrome | 23.0.1271.1 | |
| chrome | 23.0.1271.44 | |
| chrome | 23.0.1271.21 | |
| chrome | 23.0.1271.92 | |
| canonical | ubuntu_linux | 12.10 |
| chrome | 23.0.1271.59 | |
| chrome | 23.0.1271.20 | |
| chrome | 23.0.1271.2 | |
| chrome | 23.0.1271.46 | |
| chrome | 23.0.1271.31 | |
| chrome | 23.0.1271.8 | |
| chrome | 23.0.1271.85 | |
| chrome | 23.0.1271.4 | |
| chrome | 23.0.1271.14 | |
| chrome | 23.0.1271.23 | |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| chrome | 23.0.1271.9 | |
| chrome | 23.0.1271.19 | |
| chrome | 23.0.1271.83 | |
| chrome | 23.0.1271.11 | |
| chrome | 23.0.1271.60 | |
| chrome | 23.0.1271.32 | |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| chrome | 23.0.1271.58 | |
| libav | libav | 0.7.3 |
| chrome | 23.0.1271.35 | |
| chrome | 23.0.1271.12 | |
| chrome | 23.0.1271.10 | |
| chrome | 23.0.1271.86 | |
| libav | libav | 0.8 |
| chrome | 23.0.1271.41 | |
| chrome | 23.0.1271.3 | |
| chrome | 23.0.1271.24 | |
| chrome | 23.0.1271.57 | |
| chrome | 23.0.1271.17 | |
| opensuse | opensuse | 12.2 |
| chrome | 23.0.1271.89 | |
| chrome | 23.0.1271.95 | |
| chrome | 23.0.1271.45 | |
| chrome | 23.0.1271.7 | |
| chrome | 23.0.1271.50 | |
| chrome | 23.0.1271.55 | |
| chrome | 23.0.1271.64 | |
| chrome | 23.0.1271.30 | |
| chrome | 23.0.1271.52 | |
| chrome | 23.0.1271.49 | |
| chrome | 23.0.1271.56 | |
| chrome | 23.0.1271.22 | |
| chrome | 23.0.1271.39 | |
| chrome | 23.0.1271.0 | |
| chrome | 23.0.1271.15 | |
| chrome | 23.0.1271.91 | |
| chrome | 23.0.1271.51 | |
| chrome | 23.0.1271.36 | |
| chrome | 23.0.1271.62 | |
| chrome | 23.0.1271.54 | |
| libav | libav | 0.7.5 |
| canonical | ubuntu_linux | 12.04 |
| chrome | 23.0.1271.84 | |
| libav | libav | 0.8.4 |
| chrome | 23.0.1271.87 | |
| chrome | * | |
| libav | libav | 0.7.2 |
| chrome | 23.0.1271.38 | |
| chrome | 23.0.1271.16 | |
| chrome | 23.0.1271.33 | |
| chrome | 23.0.1271.88 | |
| chrome | 23.0.1271.93 | |
| chrome | 23.0.1271.26 | |
| chrome | 23.0.1271.18 | |
| chrome | 23.0.1271.5 | |
| chrome | 23.0.1271.61 | |
| chrome | 23.0.1271.40 | |
| chrome | 23.0.1271.53 | |
| libav | libav | 0.7.6 |
| chrome | 23.0.1271.94 | |
| opensuse | opensuse | 12.1 |
Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.8.3 |
| libav | libav | 0.8.6 |
| libav | libav | 0.8.4 |
| libav | libav | * |
| libav | libav | 0.8.5 |
| libav | libav | 0.8.1 |
| libav | libav | 0.8.2 |
| libav | libav | 0.8.9 |
| libav | libav | 0.8.7 |
| libav | libav | 0.8.10 |
| libav | libav | 0.8 |
| libav | libav | 0.8.8 |
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 0.6.1 |
| libav | libav | 0.8.3 |
| ffmpeg | ffmpeg | 1.1.11 |
| libav | libav | 0.7.1 |
| libav | libav | * |
| libav | libav | 0.8.5 |
| ffmpeg | ffmpeg | 1.2.7 |
| ffmpeg | ffmpeg | 1.2.3 |
| ffmpeg | ffmpeg | 2.1.5 |
| libav | libav | 10.3 |
| ffmpeg | ffmpeg | 1.1.9 |
| libav | libav | 0.8.12 |
| libav | libav | 0.6.3 |
| ffmpeg | ffmpeg | 1.1 |
| ffmpeg | ffmpeg | 1.1.2 |
| libav | libav | 0.5.8 |
| ffmpeg | ffmpeg | 2.0.4 |
| ffmpeg | ffmpeg | 2.1.3 |
| libav | libav | 0.5.3 |
| ffmpeg | ffmpeg | 1.2.5 |
| ffmpeg | ffmpeg | 2.3 |
| libav | libav | 10.1 |
| ffmpeg | ffmpeg | 1.1.12 |
| ffmpeg | ffmpeg | * |
| libav | libav | 0.5.7 |
| libav | libav | 0.8.11 |
| libav | libav | 0.7.4 |
| libav | libav | 0.8.1 |
| libav | libav | 0.5.5 |
| ffmpeg | ffmpeg | 2.1 |
| libav | libav | 0.6.2 |
| libav | libav | 0.6.5 |
| libav | libav | 0.7 |
| libav | libav | 0.8.2 |
| libav | libav | 0.5.2 |
| ffmpeg | ffmpeg | 2.1.4 |
| libav | libav | 0.7.3 |
| ffmpeg | ffmpeg | 1.1.1 |
| libav | libav | 0.5 |
| ffmpeg | ffmpeg | 1.2 |
| libav | libav | 0.5.1 |
| libav | libav | 0.8 |
| ffmpeg | ffmpeg | 1.1.8 |
| ffmpeg | ffmpeg | 2.0.1 |
| libav | libav | 0.8.6 |
| ffmpeg | ffmpeg | 1.1.5 |
| ffmpeg | ffmpeg | 1.1.4 |
| ffmpeg | ffmpeg | 2.0 |
| libav | libav | 0.6 |
| ffmpeg | ffmpeg | 2.1.2 |
| ffmpeg | ffmpeg | 2.0.5 |
| ffmpeg | ffmpeg | 1.1.10 |
| ffmpeg | ffmpeg | 1.2.1 |
| libav | libav | 0.8.9 |
| ffmpeg | ffmpeg | 1.1.3 |
| libav | libav | 0.8.7 |
| ffmpeg | ffmpeg | 1.2.6 |
| libav | libav | 0.8.10 |
| libav | libav | 0.5.6 |
| ffmpeg | ffmpeg | 1.1.6 |
| ffmpeg | ffmpeg | 2.3.2 |
| libav | libav | 0.8.8 |
| ffmpeg | ffmpeg | 2.1.1 |
| libav | libav | 0.7.5 |
| libav | libav | 0.8.4 |
| libav | libav | 0.7.2 |
| ffmpeg | ffmpeg | 2.2 |
| ffmpeg | ffmpeg | 1.1.7 |
| libav | libav | 0.5.4 |
| libav | libav | 0.6.4 |
| ffmpeg | ffmpeg | 2.0.2 |
| ffmpeg | ffmpeg | 1.2.4 |
| ffmpeg | ffmpeg | 2.2.4 |
| ffmpeg | ffmpeg | 2.0.3 |
| libav | libav | 10.2 |
| libav | libav | 0.7.6 |
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ffmpeg | ffmpeg | 2.4.1 |
| libav | libav | 11.2 |
| ffmpeg | ffmpeg | 2.5.0 |
| ffmpeg | ffmpeg | 2.5.4 |
| libav | libav | * |
| ffmpeg | ffmpeg | 2.2.7 |
| ffmpeg | ffmpeg | 2.2.9 |
| ffmpeg | ffmpeg | 2.2.10 |
| libav | libav | 11.1 |
| ffmpeg | ffmpeg | 2.2.8 |
| ffmpeg | ffmpeg | 2.5.2 |
| ffmpeg | ffmpeg | 2.2.5 |
| ffmpeg | ffmpeg | 2.4.7 |
| ffmpeg | ffmpeg | 2.2.6 |
| ffmpeg | ffmpeg | 2.2.11 |
| ffmpeg | ffmpeg | 2.4.6 |
| ffmpeg | ffmpeg | 2.2.3 |
| ffmpeg | ffmpeg | 2.2.13 |
| ffmpeg | ffmpeg | 2.2.0 |
| ffmpeg | ffmpeg | 2.6.0 |
| ffmpeg | ffmpeg | 2.2.1 |
| libav | libav | 11.0 |
| canonical | ubuntu_linux | 12.04 |
| ffmpeg | ffmpeg | 2.4.0 |
| ffmpeg | ffmpeg | 2.0.6 |
| ffmpeg | ffmpeg | 2.4.4 |
| ffmpeg | ffmpeg | 2.2.14 |
| ffmpeg | ffmpeg | 2.4.5 |
| ffmpeg | ffmpeg | 2.5.5 |
| ffmpeg | ffmpeg | 2.5.3 |
| libav | libav | 11.3 |
| ffmpeg | ffmpeg | 2.4.3 |
| ffmpeg | ffmpeg | 2.6.1 |
| ffmpeg | ffmpeg | 2.2.2 |
| ffmpeg | ffmpeg | 2.2.12 |
| ffmpeg | ffmpeg | 2.2.4 |
| ffmpeg | ffmpeg | 2.4.2 |
| ffmpeg | ffmpeg | 2.5.1 |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| libav | libav | * |
| ubuntu | ubuntu | 12.04 |
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| ffmpeg | ffmpeg | * |
| debian | debian_linux | * |
| libav | libav | * |
Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| libav | libav | * |
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.7 |
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.7 |
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 11.8 |
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| chrome | * | |
| ffmpeg | ffmpeg | 3.4 |
| libav | libav | 13_dev0 |
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.1 |
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.1 |
| libav | libav | * |
| libav | libav | 12.0 |
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.2 |
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 9.21 |
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 9.21 |
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 9.21 |
libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.1 |
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| libav | libav | 12.3 |
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| libav | libav | 12.3 |
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 12.3 |
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-404,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-404,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libav | libav | * |