CVE-2017-14034

The restoretqbpixels function in hevcfilter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impa...

FFmpeg Buffer Out-of-Bounds Read Vulnerability

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A buffer out-of-bounds read vulnerability exists in the readheader function in libavcodec/ffv1dec.c in 3.3.4 and earlier versions of Ffmpeg. An...

Out-of-bounds

The readheader function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read...

CVE-2017-15672

CVE-2017-15672 affects FFmpeg’s libavcodec/ffv1dec.c: a crafted MP4 file can trigger an out-of-bounds read, impacting FFmpeg 2.4/3.3.4 (and possibly earlier). Connected advisories confirm the vulnerability and document fixes in later FFmpeg releases (e.g., openSUSE openSUSE-2018-172 patching to 3...

Memory corruption vulnerability exists in QQ Video (CNVD-2017-34291)

QQ Video is a local player from Tencent that supports movie and music files in any format. A memory corruption vulnerability exists in the libavcodec module of QQ Video Player when parsing certain format ogg files, which can be exploited by attackers to cause a denial of service attack...

CVE-2017-14795

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hlspcmsample in hevc.c in libavcodec in FFmp...

CVE-2017-14796

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service integer underflow and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copyCTBtohv in hevcfilter.c in libavcodec in...

Integer overflow

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service integer underflow and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copyCTBtohv in hevcfilter.c in libavcodec in...

Out-of-bounds

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hlspcmsample in hevc.c in libavcodec in FFmp...

CVE-2017-14796

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service integer underflow and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copyCTBtohv in hevcfilter.c in libavcodec in...

Null pointer dereference

The avcolorprimariesname function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodecstring function in libavcodec/utils.c, leading to a NULL pointer dereference. It is also...

CVE-2017-14225

The avcolorprimariesname function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodecstring function in libavcodec/utils.c, leading to a NULL pointer dereference. It is also...

FFmpeg 'libavcodec/dnxhddec.c' Denial of Service Vulnerability

FFmpeg is a free program that performs recording, transferring and streaming of audio and video in various formats. A security vulnerability in the processing of DNxHD files by the FFmpeg libavcodec/dnxhddec.c/dnxhddecodeheader function allows an attacker to exploit the vulnerability by submittin...

ALPINE-CVE-2017-11719

The dnxhddecodeheader function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service out-of-array access or possibly have unspecified other impact via a crafted DNxHD file...

Design/Logic Flaw

The dnxhddecodeheader function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service out-of-array access or possibly have unspecified other impact via a crafted DNxHD file...

Libav Denial of Service Vulnerability (CNVD-2017-26313)

Libav formerly FFmpeg is Libav team's set of cross-platform audio and video can be recorded, converted to a solution, which includes a libavcodec encoder. A security vulnerability exists in the 'buildtable' function of the libavcodec/bitstream.c file in Libav version 12.1. A remote attacker can...

ALPINE-CVE-2017-11399

Integer overflow in the apedecodeframe function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service out-of-array access and application crash or possibly have unspecified other impact via a crafted APE file...

CVE-2017-11399

Integer overflow in the apedecodeframe function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service out-of-array access and application crash or possibly have unspecified other impact via a crafted APE file...

CVE-2017-11399

Integer overflow in the apedecodeframe function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service out-of-array access and application crash or possibly have unspecified other impact via a crafted APE file...

CVE-2017-11399

CVE-2017-11399 : FFmpeg (versions 2.4–3.3.2) is affected by an integer overflow in the ape_decode_frame function of libavcodec/apedec.c, which can be triggered by a crafted APE file to cause a denial of service (out-of-bounds access and crash) or potentially other impact. The connected advisories...