CVE-2013-3675

The processframeobj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service integer overflow, out-of-bounds array access, and application crash via crafted LucasArts Smush video data...

CVE-2013-3670

The rleunpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash via crafted RLE data. NOTE: the vendor has listed this as ...

Out-of-bounds

The mmdecodeinter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash via crafted American Laser...

Out-of-bounds

The cdgdecodeframe function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash via crafted CD Graphics Video data...

CVE-2013-3675

The processframeobj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service integer overflow, out-of-bounds array access, and application crash via crafted LucasArts Smush video data...

CVE-2013-3674

The cdgdecodeframe function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash via crafted CD Graphics Video data...

CVE-2013-3672

The mmdecodeinter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash via crafted American Laser...

CVE-2013-3672

CVE-2013-3672 concerns FFmpeg’s libavcodec/mmvideo.c:mm_decode_inter, where the code fails to validate the relationship between a horizontal coordinate and a width, enabling a remote attacker to trigger an out-of-bounds access and cause a crash (Denial of Service). It affects FFmpeg/libavcodec pr...

CVE-2013-3674

FFmpeg/libavcodec is affected by CVE-2013-3674. The cdg_decode_frame function in cdgraphics.c does not validate the presence of non-header data in the input buffer, enabling a remote attacker to trigger an out-of-bounds access and cause an application crash (denial of service) when processing CD ...

CVE-2013-3675

FFmpeg libavcodec, specifically the process_frame_obj in sanm.c, is vulnerable to a denial-of-service due to unvalidated width/height values when parsing LucasArts Smush data (FFmpeg before 1.2.1). The root cause is an integer overflow and out-of-bounds array access that can crash the application...

CVE-2013-3673

CVE-2013-3673 : In FFmpeg, the gif_decode_frame function in gifdec.c (libavcodec) before 1.2.1 does not properly manage frame disposal methods, allowing remote attackers to cause a denial of service via crafted GIF data (out-of-bounds access and crash). Affected component: FFmpeg/libavcodec. Root...

CVE-2013-3673

The gifdecodeframe function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash via crafted GIF data...

CVE-2013-1872

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service reachable assertion and crash and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fsvisitor::removedeadconstants...

CVE-2013-2495

The iffreadheader function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format IFF data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service integer overflow, out-of-bounds...

CVE-2013-2276

The avcodecdecodeaudio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have...

CVE-2013-2277

The ffh264decodeseqparameterset function in h264ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecifie...

Out-of-bounds

The ffh264decodeseqparameterset function in h264ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecifie...

Out-of-bounds

The avcodecdecodeaudio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have...

CVE-2013-2276

The CVE-2013-2276 entry concerns FFmpeg's libavcodec avcodec_decode_audio4 in utils.c, vulnerable before 1.1.3 where decoding state is not verified before certain skip operations. This can allow remote attackers to trigger an out-of-bounds access and a crash (DoS), via crafted audio data. Affecte...

CVE-2013-2277

The CVE-2013-2277 issue affects FFmpeg’s libavcodec, specifically the ff_h264_decode_seq_parameter_set function in h264_ps.c. The root cause is a missing validation of the relationship between luma depth and chroma depth, which can lead to out-of-bounds reads and a crash when processing crafted H...