Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:1.2
There are 132 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2016-10191

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

Published: February 09, 2017; 10:59:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

Published: February 09, 2017; 10:59:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-6920

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

Published: January 23, 2017; 4:59:02 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-6164

Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

Published: January 23, 2017; 4:59:01 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-9561

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-8595

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7905

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7785

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7562

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7555

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7502

The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-7450

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-7122

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6881

The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6671

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

Published: December 23, 2016; 12:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

Published: February 12, 2016; 12:59:04 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.

Published: February 12, 2016; 12:59:03 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2328

libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.

Published: February 12, 2016; 12:59:02 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2327

libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.

Published: February 12, 2016; 12:59:01 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2326

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

Published: February 12, 2016; 12:59:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM