Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-8542 | 7.5 |
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
|
05-03-2019 - 17:53 | 05-11-2014 - 11:55 | |
CVE-2013-0858 | 9.3 |
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
|
06-12-2016 - 19:05 | 07-12-2013 - 21:55 | |
CVE-2014-8549 | 7.5 |
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
|
03-12-2016 - 03:02 | 05-11-2014 - 11:55 | |
CVE-2014-8546 | 7.5 |
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2014-8547 | 7.5 |
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2014-8545 | 7.5 |
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2014-8544 | 7.5 |
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2014-8541 | 7.5 |
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds acces
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2014-8543 | 7.5 |
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2014-8548 | 7.5 |
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
|
03-12-2016 - 03:01 | 05-11-2014 - 11:55 | |
CVE-2013-4264 | 4.3 |
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-4265 | 10.0 |
The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. http://cwe.mitre.org/data/definitions/476.html
"CWE-476:
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-4263 | 7.5 |
libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0860 | 4.3 |
The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted pi
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0863 | 9.3 |
Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0865 | 9.3 |
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an ou
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0862 | 9.3 |
Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0874 | 9.3 |
The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0866 | 9.3 |
The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0877 | 9.3 |
The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0868 | 9.3 |
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0864 | 10.0 |
The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0873 | 10.0 |
The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0876 | 9.3 |
Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array a
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0875 | 9.3 |
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0867 | 9.3 |
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds arr
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0878 | 9.3 |
The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0872 | 10.0 |
The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.
|
03-12-2016 - 03:00 | 23-11-2013 - 17:55 | |
CVE-2013-0861 | 5.0 |
The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.
|
03-12-2016 - 03:00 | 23-11-2013 - 18:55 | |
CVE-2013-0848 | 9.3 |
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-
|
16-11-2015 - 19:40 | 07-12-2013 - 21:55 | |
CVE-2013-0852 | 9.3 |
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.
|
16-11-2015 - 19:40 | 07-12-2013 - 21:55 | |
CVE-2013-0846 | 9.3 |
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.
|
08-03-2014 - 05:03 | 07-12-2013 - 21:55 | |
CVE-2013-0849 | 9.3 |
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.
|
08-03-2014 - 05:03 | 07-12-2013 - 21:55 | |
CVE-2013-0845 | 9.3 |
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
|
08-03-2014 - 05:03 | 07-12-2013 - 21:55 | |
CVE-2011-3944 | 6.8 |
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.
|
08-03-2014 - 04:50 | 09-12-2013 - 16:35 | |
CVE-2012-6618 | 2.6 |
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack
|
21-02-2014 - 04:56 | 24-12-2013 - 20:55 | |
CVE-2013-0854 | 9.3 |
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
|
28-01-2014 - 04:50 | 07-12-2013 - 21:55 | |
CVE-2013-0850 | 9.3 |
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.
|
28-01-2014 - 04:50 | 07-12-2013 - 21:55 | |
CVE-2013-0853 | 9.3 |
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
|
28-01-2014 - 04:50 | 07-12-2013 - 21:55 | |
CVE-2013-0857 | 9.3 |
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
|
28-01-2014 - 04:50 | 07-12-2013 - 21:55 | |
CVE-2013-0844 | 9.3 |
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.
|
28-01-2014 - 04:50 | 07-12-2013 - 21:55 | |
CVE-2011-3941 | 7.5 |
The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.
|
04-01-2014 - 04:34 | 09-12-2013 - 16:34 | |
CVE-2013-0847 | 9.3 |
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.
|
27-12-2013 - 16:28 | 07-12-2013 - 21:55 | |
CVE-2013-0851 | 9.3 |
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.
|
27-12-2013 - 16:27 | 07-12-2013 - 21:55 | |
CVE-2013-0855 | 9.3 |
Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an ou
|
27-12-2013 - 16:21 | 07-12-2013 - 21:55 | |
CVE-2013-0856 | 9.3 |
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
|
27-12-2013 - 16:19 | 07-12-2013 - 21:55 | |
CVE-2013-0859 | 9.3 |
The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.
|
27-12-2013 - 16:17 | 07-12-2013 - 21:55 | |
CVE-2012-6617 | 4.3 |
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
|
26-12-2013 - 15:42 | 24-12-2013 - 20:55 | |
CVE-2012-6616 | 5.0 |
The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
|
26-12-2013 - 15:40 | 24-12-2013 - 20:55 | |
CVE-2012-6615 | 4.3 |
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. Per: http://cwe.mitre.org/data/def
|
26-12-2013 - 15:36 | 24-12-2013 - 20:55 | |
CVE-2013-4358 | 5.0 |
libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.
|
26-12-2013 - 15:28 | 24-12-2013 - 19:55 | |
CVE-2011-3950 | 6.8 |
The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.
|
10-12-2013 - 17:12 | 09-12-2013 - 16:36 | |
CVE-2011-3949 | 6.8 |
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
|
10-12-2013 - 17:11 | 09-12-2013 - 16:36 | |
CVE-2011-3946 | 6.8 |
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.
|
10-12-2013 - 17:10 | 09-12-2013 - 16:35 | |
CVE-2011-3935 | 6.8 |
The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.
|
10-12-2013 - 17:07 | 09-12-2013 - 16:34 | |
CVE-2011-3934 | 6.8 |
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.
|
10-12-2013 - 17:06 | 09-12-2013 - 16:34 | |
CVE-2011-4351 | 7.5 |
Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.
|
10-12-2013 - 17:04 | 09-12-2013 - 16:36 | |
CVE-2013-0869 | 9.3 |
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.
|
27-11-2013 - 16:57 | 23-11-2013 - 18:55 |