Filtered by vendor Ffmpeg Subscriptions
Total 441 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-14054 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.
CVE-2017-11719 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
CVE-2017-11665 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
CVE-2017-11399 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
CVE-2017-1000460 3 Ffmpeg, Google, Libav 3 Ffmpeg, Chrome, Libav 2024-11-21 N/A
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
CVE-2016-9561 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.
CVE-2016-8595 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
CVE-2016-7905 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
CVE-2016-7785 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
CVE-2016-7562 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
CVE-2016-7555 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
CVE-2016-7502 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
CVE-2016-7450 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
CVE-2016-7122 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.
CVE-2016-6920 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.
CVE-2016-6881 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
CVE-2016-6671 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
CVE-2016-6164 1 Ffmpeg 1 Ffmpeg 2024-11-21 N/A
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
CVE-2016-3062 4 Debian, Ffmpeg, Libav and 1 more 4 Debian Linux, Ffmpeg, Libav and 1 more 2024-11-21 N/A
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
CVE-2016-2839 3 Ffmpeg, Linux, Mozilla 3 Ffmpeg, Linux Kernel, Firefox 2024-11-21 N/A
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.