National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:0.7.17
There are 231 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2013-3671

The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.

Published: June 09, 2013; 11:19:54 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3670

The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.

Published: June 09, 2013; 11:19:54 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-2496

The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.

Published: March 09, 2013; 06:55:01 AM -05:00
    V2: 7.5 HIGH
CVE-2013-2495

The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.

Published: March 09, 2013; 06:55:01 AM -05:00
    V2: 7.5 HIGH
CVE-2013-2277

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.

Published: February 27, 2013; 11:55:02 AM -05:00
    V2: 7.5 HIGH
CVE-2013-2276

The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.

Published: February 27, 2013; 11:55:02 AM -05:00
    V2: 7.5 HIGH
CVE-2011-3937

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."

Published: January 04, 2013; 07:55:02 PM -05:00
    V2: 10.0 HIGH
CVE-2012-2804

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2803

Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2802

Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2801

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2800

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array."

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2799

Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2798

Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2797

Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

Published: September 10, 2012; 06:55:04 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2796

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

Published: September 10, 2012; 06:55:03 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2795

Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."

Published: September 10, 2012; 06:55:03 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2794

Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."

Published: September 10, 2012; 06:55:03 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2793

Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."

Published: September 10, 2012; 06:55:03 PM -04:00
    V2: 10.0 HIGH
CVE-2012-2792

Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.

Published: September 10, 2012; 06:55:03 PM -04:00
    V2: 10.0 HIGH