Ffmpeg Denial of Service Vulnerability (CNVD-2018-06423)

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A denial of service vulnerability exists in the decodeinit function in libavcodec/utvideodec.c in Ffmpeg versions 3.4.2 and earlier. A remote...

PT-2018-18154 · FFmpeg +1 · Ffmpeg +1

Name of the Vulnerable Software and Affected Versions: FFmpeg versions 2.8 through 3.4.2 Description: The issue allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data. This is due to a problem in the decode ini...

DEBIAN-CVE-2018-6912

The decodeplane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

UBUNTU-CVE-2018-6621

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-5766

In Libav through 12.2, there is an invalid memcpy in the avpacketref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault via a crafted avi file...

CVE-2018-5684

In Libav through 12.2, there is an invalid memcpy call in the ffmovreadstsdentries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault and program failure with a crafted avi file...

Blender Sequencer imb_get_anim_type Streams Integer Overflow Vulnerability

Blender is an open source cross-platform all-in-one 3D animation software, providing a series of animated short film production solutions from modeling, animation, materials, rendering, to audio processing, video editing and so on. Blender Sequencer imbgetanimtype Streams suffers from an integer...

UBUNTU-CVE-2015-1208

Integer underflow in the movreaddefault function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file...

Denial of Service Vulnerability in Mango TV Client Handling AVIs

Mango TV is the only Internet video platform under Hunan Radio and Television, exclusively providing HD video live on-demand broadcast of all Hunan TV programs and providing users with all kinds of popular movies, TV dramas, variety shows, animation, music, entertainment and other content. A deni...

KMPlayer .nsv Denial of Service Vulnerability

KMPlayer is a video player developed by the KMPlayer team for the Linux and UNIX operating systems. The player uses Mplayer, Xine and GStreamer as decoding backends, and is one of the components of KDE. A denial of service vulnerability exists in KMPlayer .nsv version 4.2.2.4. A remote attacker c...

libebml2 'ReadData' Function Denial of Service Vulnerability

libebml2 is an open source EBML parser written in C . A security vulnerability exists in the 'ReadData' function of the ebmlmaster.c file in libebml2 2012-08-26 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with the help of a specially crafted...

Memory Corruption Vulnerability Exists in Video Pioneer PC (CNVD-2017-34296)

Video Pioneer is a software that can play video and audio online based on P2P Cloud 3D technology, supporting multiple streaming protocols, multiple audio and video formats. A memory corruption vulnerability exists in the Pioneer player when parsing special mp4 files. An attacker can exploit this...

Ffmpeg Double Release Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A double release vulnerability exists in FFmpeg 3.3.4 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted AVI file...

ALPINE-CVE-2017-15186

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file...

Null Pointer Reference Vulnerability in Thunderbolt Video

Xunlei Video is a media player owned by Xunlei, which was officially renamed Xunlei Look Player after the launch of the 3.0 version. A null pointer reference vulnerability exists in the mp4splitter module when Xunlei Video opens a specific MP4 file. An attacker can exploit the vulnerability to...

Memory Corruption Vulnerability in Storm Video 5

Storm Video 5 is a video player from Beijing Storm Technology Co. A memory corruption vulnerability exists when opening certain MP4 files in the Storm Video player, which can be exploited by attackers to cause a denial of service...

Bento4 Ap4StssAtom.cpp File Command Execution Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files.SDK is one of the software development kits. A security vulnerability exists in the AP4StssAtom class of the Ap4StssAtom.cpp file of the SDK in Bento4 version 1.5.0-616. The vulnerability can be exploited by an attacker with t...

UBUNTU-CVE-2017-12476

The AP4AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted mp4 file...

gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps

The gstriffcreateaudiocaps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service floating point exception and crash via a crafted video file...

CVE-2017-10727

Winamp 5.666 Build 3516x86 might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Branch Selection starting at inmp3!DeleteAudioDecoder+0x000000000000762f."...