National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:0.10.11
There are 171 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2016-6920

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

Published: January 23, 2017; 04:59:02 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-6164

Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

Published: January 23, 2017; 04:59:01 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-9561

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-8595

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-7905

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-7785

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-7562

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-7555

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-7502

The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-7450

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-7122

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-6881

The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-6671

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

Published: June 16, 2016; 02:59:08 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

Published: February 12, 2016; 12:59:04 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.

Published: February 12, 2016; 12:59:03 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2328

libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.

Published: February 12, 2016; 12:59:02 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2327

libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.

Published: February 12, 2016; 12:59:01 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2326

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

Published: February 12, 2016; 12:59:00 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2213

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

Published: February 03, 2016; 09:59:00 AM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM