National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:2.0.2
There are 106 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2016-1897

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

Published: January 14, 2016; 10:59:23 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-8662

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

Published: December 23, 2015; 08:59:04 PM -05:00
V3.0: 7.3 HIGH
    V2: 7.5 HIGH
CVE-2015-8661

The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.

Published: December 23, 2015; 08:59:04 PM -05:00
V3.0: 8.3 HIGH
    V2: 7.5 HIGH
CVE-2015-8219

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

Published: November 16, 2015; 08:59:04 PM -05:00
    V2: 7.5 HIGH
CVE-2015-8218

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

Published: November 16, 2015; 08:59:02 PM -05:00
    V2: 6.8 MEDIUM
CVE-2015-8217

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.

Published: November 16, 2015; 08:59:01 PM -05:00
    V2: 7.5 HIGH
CVE-2015-8216

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

Published: November 16, 2015; 08:59:00 PM -05:00
    V2: 7.5 HIGH
CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

Published: October 15, 2015; 06:59:06 AM -04:00
    V2: 6.8 MEDIUM
CVE-2015-6826

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.

Published: September 05, 2015; 10:59:09 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6825

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.

Published: September 05, 2015; 10:59:08 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6824

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

Published: September 05, 2015; 10:59:07 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6823

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

Published: September 05, 2015; 10:59:06 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6822

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

Published: September 05, 2015; 10:59:05 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6821

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

Published: September 05, 2015; 10:59:04 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6820

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

Published: September 05, 2015; 10:59:02 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6819

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

Published: September 05, 2015; 10:59:01 PM -04:00
    V2: 7.5 HIGH
CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

Published: September 05, 2015; 10:59:00 PM -04:00
    V2: 7.5 HIGH
CVE-2015-1872

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.

Published: July 26, 2015; 06:59:01 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-3417

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

Published: April 24, 2015; 01:59:03 PM -04:00
    V2: 6.8 MEDIUM
CVE-2014-9676

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Published: February 27, 2015; 08:59:00 PM -05:00
    V2: 6.8 MEDIUM