Filtered by vendor Ffmpeg
Subscriptions
Total
441 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-6820 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-08-06 | N/A |
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. | ||||
CVE-2015-6823 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | ||||
CVE-2015-6824 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-08-06 | N/A |
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. | ||||
CVE-2015-6818 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-08-06 | N/A |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. | ||||
CVE-2015-6826 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-08-06 | N/A |
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. | ||||
CVE-2015-6761 | 3 Ffmpeg, Google, Redhat | 3 Ffmpeg, Chrome, Rhel Extras | 2024-08-06 | N/A |
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. | ||||
CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | ||||
CVE-2015-6819 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | ||||
CVE-2015-6821 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. | ||||
CVE-2015-6825 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. | ||||
CVE-2015-3417 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-06 | N/A |
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. | ||||
CVE-2015-3395 | 3 Canonical, Ffmpeg, Libav | 3 Ubuntu Linux, Ffmpeg, Libav | 2024-08-06 | N/A |
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. | ||||
CVE-2015-1872 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-08-06 | N/A |
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. | ||||
CVE-2015-1208 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. | ||||
CVE-2016-10190 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | ||||
CVE-2016-10191 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | ||||
CVE-2016-10192 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | ||||
CVE-2016-9561 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | ||||
CVE-2016-8595 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | ||||
CVE-2016-7905 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |