Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
There are 257 matching records.
Displaying matches 241 through 257.
Vuln ID Summary CVSS Severity
CVE-2011-2161

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

Published: May 20, 2011; 6:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2160

The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.

Published: May 20, 2011; 6:55:05 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0722

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

Published: May 20, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-3908

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

Published: May 20, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-4704

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Published: January 22, 2011; 5:00:04 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3429

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

Published: September 30, 2010; 11:00:03 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-4640

Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4639

The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4638

Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4637

FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-4636

FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4635

FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-4634

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-4633

vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2009-4632

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2009-4631

Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.

Published: February 09, 2010; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0385

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Published: February 02, 2009; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH