748 matches found
Out-of-bounds
The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...
CVE-2015-6820
The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...
CVE-2015-6819
FFmpeg vulnerability (CVE-2015-6819) in libavcodec/mjpegdec.c: ff_mjpeg_decode_frame suffers multiple integer underflows before 2.7.2, enabling remote attackers to cause a denial of service via crafted MJPEG data (out-of-bounds array access). Impact is a crash or unspecified effects; upgrade to F...
CVE-2015-6820
The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...
CVE-2015-6820
CVE-2015-6820: In FFmpeg (libavcodec/aacsbr.c, ff_sbr_apply) the code does not verify a matching AAC frame syntax element before performing Spectral Band Replication calculations, enabling potential denial of service via out-of-bounds access from crafted AAC data. Connected sources confirm the ro...
CVE-2015-6818
CVE-2015-6818 affects FFmpeg’s decode_ihdr_chunk in libavcodec/pngdec.c, where the IHDR chunk in PNGs isn’t required to be unique. This can enable a crafted image with two or more IHDR chunks to trigger an out-of-bounds array access and cause a denial of service, with potential unspecified impact...
CVE-2015-6820
The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...
CVE-2015-1872
The CVE-2015-1872 issue affects FFmpeg/Libav: The function ff_mjpeg_decode_sof in libavcodec/mjpegdec.c does not validate the number of components in a JPEG-LS Start Of Frame, enabling a remote attacker to cause a denial of service via crafted Motion JPEG data (out-of-bounds access). Public discl...
CVE-2015-1872
The ffmjpegdecodesof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2015-1872
The ffmjpegdecodesof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2015-3395
The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...
Out-of-bounds
The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...
CVE-2015-3395
The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...
CVE-2015-3395
The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...
CVE-2015-3395
The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...
ffmpeg -- out-of-bounds array access
NVD reports: The msrledecodepal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel...
OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long Orabug 19951108 - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin - Fix parsing of numeric hosts ...
Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)
The remote Solaris system is missing necessary patches to address security updates : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as...
CVE-2014-9603
The vmddecode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2014-9602
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...