Lookup for vulnerable packages by Package URL.
| Purl | pkg:deb/debian/ffmpeg@7:2.8.3-1?distro=trixie |
| Type | deb |
| Namespace | debian |
| Name | ffmpeg |
| Version | 7:2.8.3-1 |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 7:2.8.4-1 |
| Latest_non_vulnerable_version | 7:8.1.1-3 |
| Affected_by_vulnerabilities | |
| Fixing_vulnerabilities | |
| 0 | |
| url | VCID-4hm1-qmkn-u3fn |
| vulnerability_id | VCID-4hm1-qmkn-u3fn |
| summary | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. |
| references | |
| fixed_packages | |
| aliases | CVE-2015-8363 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-4hm1-qmkn-u3fn |
| 1 | |
| url | VCID-hwug-vwnc-57ep |
| vulnerability_id | VCID-hwug-vwnc-57ep |
| summary | The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. |
| references | |
| fixed_packages | |
| aliases | CVE-2015-8661 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-hwug-vwnc-57ep |
| 2 | |
| url | VCID-w7ab-ndb3-syg2 |
| vulnerability_id | VCID-w7ab-ndb3-syg2 |
| summary | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. |
| references | |
| fixed_packages | |
| aliases | CVE-2015-8364 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-w7ab-ndb3-syg2 |
| 3 | |
| url | VCID-zp5p-xj1v-r7c1 |
| vulnerability_id | VCID-zp5p-xj1v-r7c1 |
| summary | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. |
| references | |
| fixed_packages | |
| aliases | CVE-2015-8365 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-zp5p-xj1v-r7c1 |
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:2.8.3-1%3Fdistro=trixie |