1127 matches found
CVE-2015-6823
The vulnerability CVE-2015-6823 affects FFmpeg’s libavcodec/alac.c:allocate_buffers, where uninitialized context data can be used by crafted ALAC data to trigger a denial of service (segmentation fault) or other impact. This originates from FFmpeg before 2.7.2 failing to initialize certain pointe...
CVE-2015-6818
The decodeihdrchunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR aka image header chunk in a PNG image, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted...
CVE-2015-6822
The destroybuffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service segmentation violation and application crash or possibly have unspecified other impact via...
CVE-2015-6820
CVE-2015-6820: In FFmpeg (libavcodec/aacsbr.c, ff_sbr_apply) the code does not verify a matching AAC frame syntax element before performing Spectral Band Replication calculations, enabling potential denial of service via out-of-bounds access from crafted AAC data. Connected sources confirm the ro...
CVE-2015-6823
The allocatebuffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service segmentation violation or possibly have unspecified other impact via crafted Apple Lossless Audio Codec ALAC data...
FFmpeg 'msrle_decode_pal4' Denial of Service Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg versions prior to 2.5.6 and 2.6.2, which originates from an error in the 'msrledecodepal4' function in the libavcodec/msrledec.c file. An attacker...
DEBIAN-CVE-2015-3417
Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...
Design/Logic Flaw
Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...
Google Chrome FFmpeg Memory Misreference Vulnerability
Google Chrome is a simple and efficiently designed web browsing tool developed by Google. oogle Chrome suffers from a memory misreference vulnerability in the implementation of the libavcodec/vorbisdec.c function, which allows an attacker to build a malicious WEB page and trick the user into...
CVE-2014-7937
CVE-2014-7937 affects FFmpeg’s libavcodec/vorbisdec.c; multiple off-by-one errors can lead to a denial of service (use-after-free) or other impact via crafted Vorbis I data. The issue is present in FFmpeg versions before 2.4.2 as used by Google Chrome before 40.0.2214.91. Remediation is to upgrad...
FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the FFmpeg 'libavcodec/utvideodec.c' file. As the program fails to check the height of the video cutscene. A remote attacker could exploit this...
CVE-2014-9604
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Ut Video data, related to the 1 restoremedian and 2...
Out-of-bounds
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Ut Video data, related to the 1 restoremedian and 2...
Out-of-bounds
The vmddecode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2014-9602
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2014-9602
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2014-9602
CVE-2014-9602 affects FFmpeg’s libavcodec/xface.h prior to 2.5.2, where certain numeric and word array dimensions do not satisfy a required mathematical relationship. This enables a remote attacker to trigger a denial of service via out-of-bounds access in X-Face image data, with potential unspec...
CVE-2014-9602
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...
CVE-2014-9603
CVE-2014-9603 : In FFmpeg, the vmd_decode path in libavcodec/vmdvideo.c does not validate the relationship between a length field and the frame width, allowing remote attackers to trigger an out-of-bounds access and cause a denial of service via crafted Sierra VMD data. Affected software: FFmpeg ...
CVE-2014-9602
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted...