Search for packages
| purl | pkg:deb/ubuntu/ffmpeg@7:3.1.5-1 |
| Next non-vulnerable version | 7:4.2.4-1ubuntu0.1 |
| Latest non-vulnerable version | 7:4.2.4-1ubuntu0.1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-14m2-nkuw-aaad
Aliases: CVE-2018-1999011 |
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. |
Affected by 8 other vulnerabilities. |
|
VCID-15et-tcvg-aaab
Aliases: CVE-2016-5199 |
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
Affected by 70 other vulnerabilities. |
|
VCID-1q1z-tvdv-aaad
Aliases: CVE-2017-9996 |
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 56 other vulnerabilities. |
|
VCID-2mf8-732n-aaad
Aliases: CVE-2017-9993 |
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. |
Affected by 56 other vulnerabilities. |
|
VCID-3m7x-ghyy-aaas
Aliases: CVE-2017-17081 |
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. |
Affected by 33 other vulnerabilities. |
|
VCID-4kfh-pqwk-aaam
Aliases: CVE-2020-12284 |
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. |
Affected by 0 other vulnerabilities. |
|
VCID-4n1q-khpd-aaaf
Aliases: CVE-2018-1999015 |
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. |
Affected by 8 other vulnerabilities. |
|
VCID-4pjh-7ahs-aaak
Aliases: CVE-2019-9718 |
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
Affected by 23 other vulnerabilities. |
|
VCID-586c-hyzz-aaag
Aliases: CVE-2017-9608 |
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. |
Affected by 35 other vulnerabilities. |
|
VCID-5q5c-26r2-aaad
Aliases: CVE-2016-9561 |
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
Affected by 64 other vulnerabilities. |
|
VCID-6jax-8p9w-aaaq
Aliases: CVE-2018-14394 |
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
Affected by 25 other vulnerabilities. |
|
VCID-6w2t-jdhk-aaak
Aliases: CVE-2018-1999013 |
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. |
Affected by 16 other vulnerabilities. |
|
VCID-74nt-rjfe-aaac
Aliases: CVE-2017-9051 |
libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. |
Affected by 61 other vulnerabilities. |
|
VCID-7dn2-r1a7-aaae
Aliases: CVE-2017-14170 |
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. |
Affected by 42 other vulnerabilities. |
|
VCID-8u2m-qhwh-aaaf
Aliases: CVE-2017-14169 |
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. |
Affected by 42 other vulnerabilities. |
|
VCID-9aua-7ce1-aaap
Aliases: CVE-2019-13390 |
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. |
Affected by 3 other vulnerabilities. |
|
VCID-9qcr-482k-aaan
Aliases: CVE-2017-9992 |
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 56 other vulnerabilities. |
|
VCID-9qxa-qwwt-aaag
Aliases: CVE-2017-7862 |
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. |
Affected by 62 other vulnerabilities. |
|
VCID-b4ay-xbyg-aaaa
Aliases: CVE-2017-5024 |
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
Affected by 64 other vulnerabilities. |
|
VCID-b6gm-xpgj-aaag
Aliases: CVE-2017-5025 |
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
Affected by 64 other vulnerabilities. |
|
VCID-bcq9-t15m-aaaj
Aliases: CVE-2018-6392 |
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. |
Affected by 32 other vulnerabilities. |
|
VCID-bh3j-qqba-aaah
Aliases: CVE-2017-11665 |
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. |
Affected by 35 other vulnerabilities. |
|
VCID-bqba-t4n4-aaaa
Aliases: CVE-2018-1999012 |
FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. |
Affected by 16 other vulnerabilities. |
|
VCID-bzw7-6zte-aaap
Aliases: CVE-2017-14057 |
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. |
Affected by 42 other vulnerabilities. |
|
VCID-cbs9-ghtb-aaad
Aliases: CVE-2018-13303 |
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 16 other vulnerabilities. |
|
VCID-cbxw-vtb2-aaaa
Aliases: CVE-2017-9994 |
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
Affected by 56 other vulnerabilities. |
|
VCID-dz27-wtfq-aaas
Aliases: CVE-2017-14223 |
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-emyq-4jsu-aaaf
Aliases: CVE-2018-14395 |
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. |
Affected by 25 other vulnerabilities. |
|
VCID-eryp-xht1-aaaj
Aliases: CVE-2016-10192 |
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. |
Affected by 67 other vulnerabilities. |
|
VCID-fgfq-kanq-aaad
Aliases: CVE-2016-10190 |
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
Affected by 67 other vulnerabilities. |
|
VCID-fnav-hxbn-aaae
Aliases: CVE-2018-6621 |
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. |
Affected by 31 other vulnerabilities. |
|
VCID-futc-s8u6-aaah
Aliases: CVE-2017-14767 |
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. |
Affected by 35 other vulnerabilities. |
|
VCID-fwv9-gp8j-aaah
Aliases: CVE-2018-15822 |
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. |
Affected by 12 other vulnerabilities. |
|
VCID-g5e6-nvsq-aaaj
Aliases: CVE-2017-15672 |
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. |
Affected by 35 other vulnerabilities. |
|
VCID-g8n8-s1a4-aaaf
Aliases: CVE-2017-14222 |
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-gj7w-e6y9-aaap
Aliases: CVE-2017-14058 |
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). |
Affected by 42 other vulnerabilities. |
|
VCID-gm7x-n9ub-aaak
Aliases: CVE-2019-17542 |
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. |
Affected by 3 other vulnerabilities. |
|
VCID-gz39-sv5n-aaab
Aliases: CVE-2016-10191 |
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. |
Affected by 67 other vulnerabilities. |
|
VCID-hcvr-k8rp-aaag
Aliases: CVE-2019-9721 |
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
Affected by 23 other vulnerabilities. |
|
VCID-j9je-s5ab-aaah
Aliases: CVE-2019-13312 |
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. |
Affected by 0 other vulnerabilities. |
|
VCID-jkhj-2usb-aaaf
Aliases: CVE-2019-12730 |
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. |
Affected by 6 other vulnerabilities. |
|
VCID-k7pc-r371-aaas
Aliases: CVE-2018-10001 |
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. |
Affected by 25 other vulnerabilities. |
|
VCID-kfuh-tb3c-aaar
Aliases: CVE-2018-7751 |
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. |
Affected by 21 other vulnerabilities. |
|
VCID-m98q-kzrc-aaac
Aliases: CVE-2017-14056 |
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. |
Affected by 42 other vulnerabilities. |
|
VCID-mmb7-pkvg-aaas
Aliases: CVE-2017-11399 |
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. |
Affected by 35 other vulnerabilities. |
|
VCID-mp12-nmvu-aaad
Aliases: CVE-2017-16840 |
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. |
Affected by 33 other vulnerabilities. |
|
VCID-n53j-kbj9-aaaf
Aliases: CVE-2018-12458 |
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 25 other vulnerabilities. |
|
VCID-nc25-w5ga-aaah
Aliases: CVE-2017-14059 |
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-npzp-bxuk-aaaj
Aliases: CVE-2017-7859 |
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. |
Affected by 54 other vulnerabilities. |
|
VCID-p14s-ajvn-aaaq
Aliases: CVE-2012-6618 |
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." |
Affected by 22 other vulnerabilities. |
|
VCID-pdga-yrz9-aaar
Aliases: CVE-2020-13904 |
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. |
Affected by 0 other vulnerabilities. |
|
VCID-phkk-1d4g-aaaa
Aliases: CVE-2017-11719 |
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. |
Affected by 35 other vulnerabilities. |
|
VCID-px3s-9gbb-aaaq
Aliases: CVE-2018-13301 |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 13 other vulnerabilities. |
|
VCID-qak4-m8wy-aaag
Aliases: CVE-2018-7557 |
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. |
Affected by 25 other vulnerabilities. |
|
VCID-sa36-epvb-aaam
Aliases: CVE-2017-14054 |
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-sdc4-htrd-aaac
Aliases: CVE-2018-1999014 |
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. |
Affected by 8 other vulnerabilities. |
|
VCID-shay-9ke5-aaar
Aliases: CVE-2018-1999010 |
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. |
Affected by 16 other vulnerabilities. |
|
VCID-sueb-tnh7-aaae
Aliases: CVE-2017-1000460 |
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. |
Affected by 55 other vulnerabilities. |
|
VCID-sxdk-76zw-aaae
Aliases: CVE-2018-13300 |
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. |
Affected by 14 other vulnerabilities. |
|
VCID-syuw-8e9k-aaab
Aliases: CVE-2018-13305 |
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. |
Affected by 8 other vulnerabilities. |
|
VCID-trtj-axhb-aaak
Aliases: CVE-2017-14171 |
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-tusb-x1tq-aaam
Aliases: CVE-2016-8595 |
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
Affected by 70 other vulnerabilities. |
|
VCID-u27y-k5py-aaar
Aliases: CVE-2018-13304 |
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. |
Affected by 16 other vulnerabilities. |
|
VCID-umr3-nguf-aaak
Aliases: CVE-2017-7863 |
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. |
Affected by 62 other vulnerabilities. |
|
VCID-urpq-5tst-aaae
Aliases: CVE-2019-11338 |
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. |
Affected by 7 other vulnerabilities. |
|
VCID-uw9m-efdf-aaan
Aliases: CVE-2018-9841 |
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. |
Affected by 25 other vulnerabilities. |
|
VCID-uy5s-m45w-aaah
Aliases: CVE-2017-14055 |
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. |
Affected by 42 other vulnerabilities. |
|
VCID-vmn5-9pwf-aaar
Aliases: CVE-2019-17539 |
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. |
Affected by 3 other vulnerabilities. |
|
VCID-wdwe-3jym-aaar
Aliases: CVE-2018-13302 |
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. |
Affected by 14 other vulnerabilities. |
|
VCID-x36b-m4rd-aaac
Aliases: CVE-2017-15186 |
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. |
Affected by 35 other vulnerabilities. |
|
VCID-xabt-8jr6-aaag
Aliases: CVE-2017-14225 |
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) |
Affected by 42 other vulnerabilities. |
|
VCID-zye3-r32m-aaah
Aliases: CVE-2017-9991 |
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 56 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4ecp-dfmd-aaah | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
CVE-2016-7785
|
| VCID-7mj8-x82v-aaak | The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. |
CVE-2016-7502
|
| VCID-8rdd-jbf1-aaap | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. |
CVE-2016-7562
|
| VCID-ew2u-jpnp-aaar | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
CVE-2016-7555
|
| VCID-m83j-rv88-aaag | The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. |
CVE-2016-7122
|
| VCID-p5az-wb4u-aaah | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |
CVE-2016-7905
|
| VCID-q6tj-6jpa-aaae | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. |
CVE-2016-6920
|
| VCID-rvnw-86za-aaag | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. |
CVE-2016-6881
|
| VCID-vr1w-btuh-aaae | The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. |
CVE-2016-7450
|
| VCID-yheh-pp5h-aaam | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. |
CVE-2016-6671
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|