Design/Logic Flaw

The Shorten codec shorten.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary...

Heap overflow

Heap-based buffer overflow in the vqadecodechunk function in the VQA codec vqavideo.c in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...

CVE-2012-0859

The renderline function in the vorbis codec vorbis.c in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of...

CVE-2012-0858

The Shorten codec shorten.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary...

CVE-2012-0947

Heap-based buffer overflow in the vqadecodechunk function in the VQA codec vqavideo.c in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...

CVE-2012-0858

The CVE-2012-0858 family affects FFmpeg’s Shorten codec (shorten.c) in FFmpeg 0.7.x and 0.8.x and Libav 0.5.x–0.8.x, where processing a crafted Shorten file can trigger an invalid free, leading to application crash or possible remote code execution. Affected ranges are FFmpeg: 0.7.x before 0.7.12...

CVE-2012-0853

Technical details are not publicly available in the connected documents; the initial entry lists the Atrac3/FFmpeg Libav issue but no further technical specifics are provided here. Monitor for updates.

CVE-2012-0947

CVE-2012-0947 describes a heap-based buffer overflow in the vqa_decode_chunk function of libavcodec (Libav) across multiple 0.x branches (0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, 0.8.x before 0.8.2). A crafted VQA media file with an image size not a multiple of the block size c...

CVE-2012-0947

Heap-based buffer overflow in the vqadecodechunk function in the VQA codec vqavideo.c in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...

Debian Security Advisory DSA 2494-1 (ffmpeg)

The remote host is missing an update to ffmpeg announced via advisory DSA 2494-1. OpenVAS Vulnerability Test $Id: deb24941.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2494-1 ffmpeg Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Scientific Linux Security Update : libvpx on SL6.x i386/x86_64

An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx such as Totem, would cause the application to crash or, potentially,...

CVE-2012-4045

Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the 1 strf chunk in BIRGB or 2 UYVY video data in an AVI file, or 3 decompressed TechSmith Screen Capture Codec TSCC data in an AVI file...

CVE-2012-4045

Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the 1 strf chunk in BIRGB or 2 UYVY video data in an AVI file, or 3 decompressed TechSmith Screen Capture Codec TSCC data in an AVI file...

Debian DSA-2494-1 : ffmpeg - several vulnerabilities

It was discovered that FFmpeg, Debian's version of the Libav media codec suite, contains vulnerabilities in the DPCM codecs CVE-2011-3951 , H.264 CVE-2012-0851 , ADPCM CVE-2012-0852 , and the KMVC decoder CVE-2011-3952 . In addition, this update contains bug fixes from the Libav 0.5.9 upstream...

[SECURITY] Fedora 17 Update: openjpeg-1.4-13.fc17

OpenJPEG is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group JPEG...

[SECURITY] Fedora 16 Update: openjpeg-1.4-13.fc16

OpenJPEG is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group JPEG...

CVE-2012-2832

The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

Design/Logic Flaw

The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

CVE-2012-2832

Removed by vendor...

[SECURITY] [DSA 2494-1] ffmpeg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2494-1 [email protected] http://www.debian.org/security/ Florian Weimer June 14, 2012 http://www.debian.org/security/faq -...