CVE-2012-2801

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."...

CVE-2012-2787

Unspecified vulnerability in the decodeframe function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."...

CVE-2012-2772

Unspecified vulnerability in the ffrv34decodeframe function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."...

CVE-2012-2783

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."...

CVE-2012-2791

Multiple unspecified vulnerabilities in the 1 decodebandhdr function in indeo4.c and 2 ffividecodeblocks function in ivicommon.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."...

CVE-2012-0849

Integer overflow in the ffj2kdwtinit function in libavcodec/j2kdwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service segmentation fault and application crash via a crafted JPEG2000 image that triggers an incorrect check for a negative value...

CVE-2012-0855

Heap-based buffer overflow in the getsot function in the J2K decoder j2k.c in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service application crash via unspecified vectors related to the curtileno variable...

CVE-2012-0849

Integer overflow in the ffj2kdwtinit function in libavcodec/j2kdwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service segmentation fault and application crash via a crafted JPEG2000 image that triggers an incorrect check for a negative value...

Heap overflow

Heap-based buffer overflow in the getsot function in the J2K decoder j2k.c in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service application crash via unspecified vectors related to the curtileno variable...

CVE-2012-0855

The CVE-2012-0855 vulnerability affects FFmpeg’s libavcodec J2K decoder (get_sot in j2k.c). It is a heap-based buffer overflow that can be triggered remotely to cause an application crash (denial of service) and is associated with FFmpeg versions prior to 0.9.1. No exploitation vectors, specific ...

CVE-2012-0849

FFmpeg vulnerability CVE-2012-0849: Integer overflow in ff_j2k_dwt_init (libavcodec/j2k_dwt.c) present in FFmpeg before 0.9.1, enabling remote denial of service via a crafted JPEG2000 image that triggers an incorrect negative-value check. Documents confirm the affected component and root cause bu...

CVE-2012-0855

Heap-based buffer overflow in the getsot function in the J2K decoder j2k.c in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service application crash via unspecified vectors related to the curtileno variable...

CVE-2012-0855

Heap-based buffer overflow in the getsot function in the J2K decoder j2k.c in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service application crash via unspecified vectors related to the curtileno variable...

Buffer overflow

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service crash and possibly...

Integer overflow

Integer overflow in the vp3dequant function in the VP3 decoder vp3.c in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of...

CVE-2011-4579

The CVE-2011-4579 entry concerns the SVQ1 decoder function svq1_decode_frame in FFmpeg/libavcodec (svq1dec.c). A crafted SVQ1 stream can trigger a memory corruption vulnerability that allows remote denial of service, with impact described as a crash via a stream whose dimensions change. Affected ...

CVE-2011-4352

Integer overflow in the vp3dequant function in the VP3 decoder vp3.c in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of...

CVE-2011-3945

CVE-2011-3945 affects FFmpeg/Libav: the decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec vulnerable to crafted media files, enabling remote DoS and possibly code execution. Affected, per description: FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11; Libav 0.5.x before 0.5.9, ...

CVE-2012-0856

FFmpeg prior to 0.9.1 is affected by a heap-based buffer overflow in MPV_frame_start (libavcodec/mpegvideo.c) when the lowres option is enabled. The vulnerability allows remote attackers to crash the application via a crafted H263 video file; it is noted as a regression-related issue. No specific...

CVE-2012-0850

The CVE-2012-0850 entry is supported by concrete details across connected sources: FFmpeg/libavcodec in FFmpeg before 0.9.1 contains a flaw in sbr_qmf_synthesis (libavcodec/aacsbr.c) that can trigger memory corruption via crafted MPEGs, likely a buffer underflow, leading to application crashes an...