CVE-2011-3950

The diracdecodedataunit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number...

CVE-2011-3950

The CVE-2011-3950 issue affects FFmpeg up to version 0.10, specifically the dirac_decode_data_unit function in libavcodec/diracdec.c, allowing remote attackers to cause an unspecified impact via a crafted reference pictures number. Public sources in the connected documents confirm the vulnerabili...

CVE-2011-3934

Double free vulnerability in the vp3updatethreadcontext function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data...

CVE-2013-7017

FFmpeg vulnerability CVE-2013-7017 involves libavcodec/jpeg2000.c and affects FFmpeg before 2.1, where crafted JPEG2000 data can trigger a remote denial of service (invalid pointer dereference). The issue is corroborated by multiple sources in connected docs, including Gentoo GLSA-201603-06 and r...

CVE-2013-7013

The g2minitbuffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Go2Webinar data...

CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JPEG2000 data...

CVE-2013-7008

The decodesliceheader function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service deadlock or possibly have unspecified other impact via crafted H.264 data...

CVE-2013-7008

The CVE-2013-7008 flaw affects FFmpeg’s libavcodec/h264.c decode_slice_header, where the code incorrectly relies on a certain droppable field before FFmpeg 2.1. This enables an attacker to craft H.264 data that may cause a denial of service (deadlock) or other unspecified impact. The public repor...

CVE-2013-7022

FFmpeg, pre-2.1, is affected by CVE-2013-7022 via g2m_init_buffers in libavcodec/g2meet.c: memory for tiles is not allocated correctly, allowing a remote attacker to trigger a denial of service through an out-of-bounds access in crafted Go2Webinar data. The issue’s impact is described as DoS and ...

CVE-2013-7020

FFmpeg/libav is affected by CVE-2013-7020 due to improper enforcement of bit-count/colorspace constraints in read_header (FFV1 decoding), allowing an out-of-bounds read and potential DoS. Connected advisories (Debian DSA-3027-1, Gentoo GLSA 201603-06, Mandriva MDVSA-2014:227) confirm FFV1-related...

CVE-2013-7013

CVE-2013-7013 affects FFmpeg’s g2m_init_buffers in libavcodec/g2meet.c, where an incorrect arithmetic operation order in the Go2Webinar path (pre-2.1) enables out-of-bounds memory access and DoS via crafted data. The vulnerability is documented across multiple advisories (NVD/Nessus/Gentoo GLSA) ...

CVE-2011-3934

CVE-2011-3934 is a double-free vulnerability in FFmpeg’s libavcodec/vp3.c (vp3_update_thread_context) that affects FFmpeg before 0.10, enabling a remote attacker to cause an unspecified impact via crafted vp3 data. Connected advisories (e.g., Debian DSA-3003-1, Gentoo GLSA 201502-08) group this w...

CVE-2011-3944

The smackerdecodeheadertree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data...

CVE-2013-7020

The readheader function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted FFV1 data...

CVE-2011-3944

The CVE-2011-3944 entry concerns FFmpeg's libavcodec/smacker.c: the smacker_decode_header_tree function in FFmpeg up to version before 0.10 can be triggered by crafted Smacker data, potentially causing unspecified impact on remote hosts. The available connected records confirm FFmpeg/libavcodec a...

CVE-2011-3934

Double free vulnerability in the vp3updatethreadcontext function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data...

CVE-2013-7011

The CVE-2013-7011 issue affects FFmpeg’s read_header in libavcodec/ffv1dec.c, where global parameters can be changed by crafted FFV1 data, enabling a remote attacker to trigger a DoS via out-of-bounds access. Affected: FFmpeg builds prior to 2.1. Root cause: improper validation of global paramete...

CVE-2013-7014

Integer signedness error in the addbytesl2c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted PNG data...

CVE-2011-3950

The diracdecodedataunit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number...

CVE-2013-7014

Integer signedness error in the addbytesl2c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted PNG data...