CVE-2017-9992

CVE-2017-9992 is a vulnerability in FFmpeg/libav where the heap-based buffer overflow occurs in the decode_dds1 function (libavcodec/dfa.c). Affected branches include FFmpeg up to versions: 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1. Exploitation vi...

CVE-2017-9995

FFmpeg 3.3 before 3.3.1 contains a heap-based buffer overflow in libavcodec/scpr.c due to improper validation of height and width in crafted files, enabling a remote attacker to cause denial of service (application crash). Affected component: FFmpeg’s libavcodec/scpr.c; root cause: inadequate bou...

CVE-2017-9992

Heap-based buffer overflow in the decodedds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact vi...

CVE-2017-9991

Heap-based buffer overflow in the xwddecodeframe function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other...

CVE-2017-9995

libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted file...

CVE-2017-9992

Heap-based buffer overflow in the decodedds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact vi...

CVE-2017-9992

Heap-based buffer overflow in the decodedds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact vi...

FFmpeg 'libavcodec/scpr.c' 'Heap Buffer Overflow Vulnerability'

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the libavcodec/scpr.c file in FFmpeg. A remote attacker could exploit this vulnerability to cause a denial of service heap buffer overflow and application...

FFmpeg 'xwd_decode_frame' function heap buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A heap buffer overflow vulnerability exists in the 'xwddecodeframe' function in the libavcodec/xwddec.c file in FFmpeg. A remote attacker can exploit this vulnerability to cause a denial of...

FFmpeg 'decode_dds1' function heap buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A heap buffer overflow vulnerability exists in the 'decodedds1' function in the libavcodec/dfa.c file in FFmpeg. A remote attacker could exploit this vulnerability to cause a denial of...

FFmpeg 'color_string_to_rgba' function stack buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A stack buffer overflow vulnerability exists in the 'colorstringtorgba' function in the libavcodec/xpmdec.c file in FFmpeg. A remote attacker can exploit this vulnerability to cause a denia...

FFmpeg 'libavcodec/webp.c' heap buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the libavcodec/webp.c file in FFmpeg, which arises from the program failing to ensure that pixfmt is set. A remote attacker could use this vulnerability t...

FFmpeg 'cdxl_decode_frame' heap buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'cdxldecodeframe' function in the libavcodec/cdxl.c file in FFmpeg. A remote attacker can cause a denial of service heap buffer overflow and applicati...

openSUSE Security Update : ffmpeg (openSUSE-2017-524)

This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed : - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response boo1022920 - CVE-2016-1019...

FFmpeg 'decode_frame_common' function heap buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A heap buffer overflow vulnerability exists in the 'decodeframecommon' function in the libavcodec/pngdec.c file in FFmpeg. An attacker can exploit this vulnerability to cause a denial of...

FFmpeg 'decode_zbuf' function stack buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A stack buffer overflow vulnerability exists in the 'decodezbuf' function in the libavcodec/pngdec.c file in FFmpe. An attacker can exploit this vulnerability to cause a denial of service...

FFmpeg 'decode_frame' function heap buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A heap buffer overflow vulnerability exists in the 'decodeframe' function of the libavcodec/pictordec.c file in versions of FFmpeg prior to 2017-02-07. An attacker can exploit this...

Stack-based Buffer Overflow

FFmpeg is vulnerable to stack-based buffer overflow attacks. The vulnerability is caused by an off-by-one error which creates an out-of-bound write through the decodezbuf function in libavcodec/pngdec.c...

Out-of-Bounds Write

FFmpeg is vulnerable to an out-of-bounds write. A malicious user can use this to cause a system crash or to overwrite variables currently in the buffer. This can be done using the ipvideodecodeblockopcode0xA function in libavcodec/interplayvideo.c and the avcodecaligndimensions2 function in...

Out-of-Bounds Write

FFmpeg is vulnerable to an out-of-bounds write. A malicious user can use this to cause a system crash or to overwrite variables currently in the buffer. This can be done using the decodeframecommon function in libavcodec/pngdec.c...