Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
There are 241 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2012-0849

Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.

Published: August 27, 2012; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4579

The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

Published: August 20, 2012; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4364

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.

Published: August 20, 2012; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-4353

The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.

Published: August 20, 2012; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4352

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.

Published: August 20, 2012; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3945

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.

Published: August 20, 2012; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0857

Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.

Published: August 20, 2012; 3:55:05 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0856

Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error.

Published: August 20, 2012; 3:55:05 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2012-0854

The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.

Published: August 20, 2012; 3:55:05 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0850

The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.

Published: August 20, 2012; 3:55:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0847

Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file.

Published: August 20, 2012; 3:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0859

The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.

Published: August 20, 2012; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0853

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.

Published: August 20, 2012; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0852

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.

Published: August 20, 2012; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0851

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.

Published: August 20, 2012; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3952

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.

Published: August 20, 2012; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3951

The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.

Published: August 20, 2012; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3936

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

Published: August 20, 2012; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4031

Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.

Published: May 09, 2012; 6:33:14 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3974

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.

Published: October 02, 2011; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM