U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:0.5.10
There are 247 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2015-8218

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

Published: November 16, 2015; 8:59:02 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-8217

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.

Published: November 16, 2015; 8:59:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-8216

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

Published: November 16, 2015; 8:59:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

Published: October 15, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6826

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.

Published: September 05, 2015; 10:59:09 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6825

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.

Published: September 05, 2015; 10:59:08 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6824

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

Published: September 05, 2015; 10:59:07 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6823

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

Published: September 05, 2015; 10:59:06 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6822

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

Published: September 05, 2015; 10:59:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6821

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

Published: September 05, 2015; 10:59:04 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6820

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

Published: September 05, 2015; 10:59:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6819

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

Published: September 05, 2015; 10:59:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

Published: September 05, 2015; 10:59:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1872

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.

Published: July 26, 2015; 6:59:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3417

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.

Published: April 24, 2015; 1:59:03 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-9676

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Published: February 27, 2015; 8:59:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-7937

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

Published: January 22, 2015; 5:59:18 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7933

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.

Published: January 22, 2015; 5:59:14 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9604

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

Published: January 16, 2015; 3:59:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9603

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.

Published: January 16, 2015; 3:59:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH