National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:1.3:dev
There are 122 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2013-7024

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7023

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7022

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7021

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:50 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7019

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7017

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7016

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7015

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

Published: December 09, 2013; 11:36:49 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7014

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7013

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7012

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7011

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7010

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:48 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7009

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

Published: December 09, 2013; 11:36:47 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-7008

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

Published: December 09, 2013; 11:36:47 AM -05:00
    V2: 6.8 MEDIUM
CVE-2013-4265

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

Published: November 23, 2013; 12:55:03 PM -05:00
    V2: 10.0 HIGH
CVE-2013-4264

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.

Published: November 23, 2013; 12:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-4263

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.

Published: November 23, 2013; 12:55:03 PM -05:00
    V2: 7.5 HIGH