National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:0.7.7
There are 243 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7019

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7017

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7016

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7015

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7014

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7013

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7012

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7011

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7010

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7009

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

Published: December 09, 2013; 11:36:47 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7008

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

Published: December 09, 2013; 11:36:47 AM -05:00
    V2: 6.8 MEDIUM
CVE-2011-4351

Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: December 09, 2013; 11:36:43 AM -05:00
    V2: 7.5 HIGH
CVE-2011-3950

The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.

Published: December 09, 2013; 11:36:25 AM -05:00
    V2: 6.8 MEDIUM
CVE-2011-3949

The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.

Published: December 09, 2013; 11:36:09 AM -05:00
    V2: 6.8 MEDIUM
CVE-2011-3946

The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.

Published: December 09, 2013; 11:35:44 AM -05:00
    V2: 6.8 MEDIUM
CVE-2011-3944

The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.

Published: December 09, 2013; 11:35:18 AM -05:00
    V2: 6.8 MEDIUM
CVE-2011-3941

The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.

Published: December 09, 2013; 11:34:56 AM -05:00
    V2: 7.5 HIGH
CVE-2011-3935

The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.

Published: December 09, 2013; 11:34:28 AM -05:00
    V2: 6.8 MEDIUM