CVE-2018-13300

In FFmpeg 3.2 and 4.0.1, an improper argument AVCodecParameters passed to the avprivrequestsample function in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information...

CVE-2018-13300

In FFmpeg 3.2 and 4.0.1, an improper argument AVCodecParameters passed to the avprivrequestsample function in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information...

CVE-2018-13300

In FFmpeg 3.2 and 4.0.1, an improper argument AVCodecParameters passed to the avprivrequestsample function in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information...

Design/Logic Flaw

The decodeinit function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via an AVI file...

CVE-2018-10001

CVE-2018-10001 affects FFmpeg prior to and including 3.4.2, where the function decode_init in libavcodec/utvideodec.c can be abused by a crafted AVI file to trigger a denial of service via an out-of-bounds read. The provided documents consistently describe DoS potential but do not include exploit...

CVE-2018-10001

The decodeinit function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via an AVI file...

FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8)

NVD reports : Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

libvorbis -- multiple vulnerabilities

NVD reports: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...

CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...

CVE-2018-7557

CVE-2018-7557 affects FFmpeg (libavcodec/utvideodec.c: decode_init) in FFmpeg versions 2.8 through 3.4.2. A crafted AVI file with specific chroma subsampling dimensions can trigger a denial of service via an out-of-bounds/out-of-array read. Connected sources confirm the component and root cause b...

CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...

CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...

CVE-2018-6912

The decodeplane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6912

The decodeplane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6912

CVE-2018-6912 affects FFmpeg up to 3.4.2 and is caused by the decode_plane function in libavcodec/utvideodec.c that can trigger an out-of-bounds read in a crafted AVI file, leading to a denial of service. Documents do not show exploit details. A remediation indicated by Gentoo GLSA-202003-65 is t...

Design/Logic Flaw

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6621

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6621

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6621

CVE-2018-6621 affects FFmpeg/libavcodec/utvideodec.c: decode_frame allows remote attackers to trigger a denial of service (out-of-bounds/read) via a crafted AVI file. Debians/DLA-1630, DSA-4249 and related advisories show this was fixed by libav/ffmpeg package updates. The Debian entries explicit...

Updated libvorbis packages fix security vulnerabilities

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout in info.c when vi-channels=0, a similar issue to Mozilla bug 550184 CVE-2017-14632. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the...