National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:1.0.5
There are 144 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2013-7024

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7023

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7022

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7021

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7019

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7017

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7016

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7015

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7014

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7013

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7012

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7011

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7010

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7009

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

Published: December 09, 2013; 11:36:47 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7008

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

Published: December 09, 2013; 11:36:47 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-0869

The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.

Published: November 23, 2013; 01:55:04 PM -05:00
    V2: 9.3 HIGH
CVE-2013-0868

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."

Published: November 23, 2013; 01:55:04 PM -05:00
    V2: 9.3 HIGH
CVE-2013-0867

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.

Published: November 23, 2013; 01:55:04 PM -05:00
    V2: 9.3 HIGH