CVE-2015-8216

The ljpegdecodeyuvscan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted MJPEG data...

Out-of-bounds

The inittile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JP...

CVE-2015-8218

The CVE-2015-8218 issue affects FFmpeg’s libavcodec/faxcompr.c: the decode_uncompressed function does not validate uncompressed runs, enabling a remote attacker to trigger a denial of service via crafted CCITT FAX data (out-of-bounds access). Affected product/version: FFmpeg up to 2.8.1 (prior to...

CVE-2015-8216

CVE-2015-8216 affects FFmpeg’s libavcodec/mjpegdec.c (ljpeg_decode_yuv_scan). The issue omits width/height checks, allowing remote attackers to cause a denial of service via crafted MJPEG data (out-of-bounds access). Upstream FFmpeg fixed this in version 2.8.2; multiple advisories (openSUSE, Debi...

DEBIAN-CVE-2015-6761

The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

CVE-2015-6761

The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

CVE-2015-6826

The ffrv34decodeinitthreadcopy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted 1 RV30 or 2 RV40 RealVideo dat...

CVE-2015-6823

The allocatebuffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service segmentation violation or possibly have unspecified other impact via crafted Apple Lossless Audio Codec ALAC data...

CVE-2015-6822

The destroybuffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service segmentation violation and application crash or possibly have unspecified other impact via...

DEBIAN-CVE-2015-6822

The destroybuffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service segmentation violation and application crash or possibly have unspecified other impact via...

DEBIAN-CVE-2015-6820

The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...

CVE-2015-6819

Multiple integer underflows in the ffmjpegdecodeframe function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted MJPEG data...

CVE-2015-6823

The allocatebuffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service segmentation violation or possibly have unspecified other impact via crafted Apple Lossless Audio Codec ALAC data...

UBUNTU-CVE-2015-6819

Multiple integer underflows in the ffmjpegdecodeframe function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted MJPEG data...

Design/Logic Flaw

The allocatebuffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service segmentation violation or possibly have unspecified other impact via crafted Apple Lossless Audio Codec ALAC data...

Code injection

The ffmpvcommoninit function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service invalid pointer access or possibly have unspecified other impact via crafted MPEG data...

CVE-2015-6823

The vulnerability CVE-2015-6823 affects FFmpeg’s libavcodec/alac.c:allocate_buffers, where uninitialized context data can be used by crafted ALAC data to trigger a denial of service (segmentation fault) or other impact. This originates from FFmpeg before 2.7.2 failing to initialize certain pointe...

CVE-2015-6818

The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted...

CVE-2015-6820

CVE-2015-6820: In FFmpeg (libavcodec/aacsbr.c, ff_sbr_apply) the code does not verify a matching AAC frame syntax element before performing Spectral Band Replication calculations, enabling potential denial of service via out-of-bounds access from crafted AAC data. Connected sources confirm the ro...

CVE-2015-6822

The destroybuffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service segmentation violation and application crash or possibly have unspecified other impact via...