U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:0.10.11
There are 184 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2013-7024

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:50 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7023

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:50 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7022

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:50 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7021

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:50 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7019

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7017

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7016

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7015

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7014

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7013

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7012

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7011

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7010

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.

Published: December 09, 2013; 11:36:48 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7009

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

Published: December 09, 2013; 11:36:47 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-7008

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.

Published: December 09, 2013; 11:36:47 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0859

The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.

Published: December 07, 2013; 4:55:10 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0858

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

Published: December 07, 2013; 4:55:09 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0857

The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.

Published: December 07, 2013; 4:55:09 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH