Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 251 matching records.
Displaying matches 241 through 251.
Vuln ID Summary CVSS Severity
CVE-2011-3504

The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.

Published: September 28, 2011; 8:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1931

sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.

Published: July 07, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-2162

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."

Published: May 20, 2011; 6:55:06 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-2161

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

Published: May 20, 2011; 6:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2160

The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.

Published: May 20, 2011; 6:55:05 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0723

FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

Published: May 20, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0722

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

Published: May 20, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-3908

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

Published: May 20, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-4704

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Published: January 22, 2011; 5:00:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3429

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

Published: September 30, 2010; 11:00:03 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-0385

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Published: February 02, 2009; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH