U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:2.7.1
There are 87 matching records.
Displaying matches 81 through 87.
Vuln ID Summary CVSS Severity
CVE-2015-6824

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

Published: September 05, 2015; 10:59:07 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2015-6823

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

Published: September 05, 2015; 10:59:06 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2015-6822

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

Published: September 05, 2015; 10:59:05 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2015-6821

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

Published: September 05, 2015; 10:59:04 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2015-6820

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

Published: September 05, 2015; 10:59:02 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2015-6819

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

Published: September 05, 2015; 10:59:01 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

Published: September 05, 2015; 10:59:00 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH