| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. |
| The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed." |
| The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." |
| Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write." |
| sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file. |
| The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. |
| The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." |
| The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. |
| Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. |
| cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. |
| The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. |
| The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. |
| Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. |
| libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. |
| The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. |
| The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. |
| The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data. |
| libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. |
| Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access. |
