U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:1.2
There are 137 matching records.
Displaying matches 121 through 137.
Vuln ID Summary CVSS Severity
CVE-2013-7015

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7014

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7013

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7012

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7011

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7010

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7009

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

Published: December 09, 2013; 11:36:47 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7008

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

Published: December 09, 2013; 11:36:47 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4265

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

Published: November 23, 2013; 12:55:03 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-4264

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.

Published: November 23, 2013; 12:55:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-4263

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.

Published: November 23, 2013; 12:55:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-3675

The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.

Published: June 09, 2013; 11:19:55 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-3674

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

Published: June 09, 2013; 11:19:55 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-3673

The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.

Published: June 09, 2013; 11:19:55 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-3672

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

Published: June 09, 2013; 11:19:54 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-3671

The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.

Published: June 09, 2013; 11:19:54 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-3670

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.

Published: June 09, 2013; 11:19:54 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM