CVE-2014-8543

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted MM video data...

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted JV data...

CVE-2014-8547

CVE-2014-8547 is documented in FFmpeg advisories as a vulnerability in libavcodec/gifdec.c where FFmpeg before 2.0.6/2.4.2 miscomputes image heights for GIF data, allowing remote attackers to trigger out-of-bounds access and potential DoS (and possibly other impact) via crafted GIFs. The connecte...

CVE-2014-8545

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted PNG data...

CVE-2014-8546

CVE-2014-8546 : FFmpeg contains an integer underflow in libavcodec/cinepak.c (pre-2.4.2) that can be exploited by remote attackers via crafted Cinepak data to cause a denial of service (out-of-bounds access). Affected product is FFmpeg prior to 2.4.2; remediation is to upgrade to FFmpeg 2.4.2 or ...

CVE-2014-8549

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted On2 data...

CVE-2014-8545

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted PNG data...

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted JV data...

CVE-2014-8544

CVE-2014-8544 affects FFmpeg (libavcodec/tiff.c) where bits-per-pixel fields are not properly validated. This can enable a remote attacker to trigger a denial of service via crafted TIFF data (out-of-bounds access). The description specifies FFmpeg before 2.4.2 as vulnerable. The provided documen...

CVE-2014-8544

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted TIFF data...

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted JV data...

CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via...

CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted Quicktime Graphics aka SMC video data...

CVE-2014-5272

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats...

CVE-2014-5271

Heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via...

Heap overflow

Heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via...

CVE-2014-5272

CVE-2014-5272 affects FFmpeg’s libavcodec/iff.c where a crafted IF image can trigger an out-of-bounds array access in rgb8/rgbn handling. Affected versions include FFmpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2. The provided connected sources corroborate the ...

CVE-2014-5271

Heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via...

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:129)

Multiple vulnerabilities has been discovered and corrected in ffmpeg : Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to 1 size of mclms arrays, 2 a getbits0 in decodeacfilter, and 3 too many bits in...

Updated ffmpeg packages fix security vulnerabilities

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...