CVE-2014-5272

CVE-2014-5272 affects FFmpeg’s libavcodec/iff.c where a crafted IF image can trigger an out-of-bounds array access in rgb8/rgbn handling. Affected versions include FFmpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2. The provided connected sources corroborate the ...

CVE-2014-5271

Heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via...

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:129)

Multiple vulnerabilities has been discovered and corrected in ffmpeg : Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to 1 size of mclms arrays, 2 a getbits0 in decodeacfilter, and 3 too many bits in...

Updated ffmpeg packages fix security vulnerabilities

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

GOM Media Player 2.1.37 Buffer Overflow Vulnerability

No description provided by source. Introduction: ============= GOM Player Gretech Online Movie Player is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. It is the primary client player for South Korean GOM-TV, and is more popular in South Kor...

FFmpeg及Libav 'libavcodec/wmalosslessdec.c'内存破坏漏洞

BUGTRAQ ID: 66057 CVECAN ID: CVE-2014-2098 FFmpeg是一个免费的可以执行音讯和视讯多种格式的录影、转档、串流功能的软件。 FFmpeg及Libav 2.1.4之前版本libavcodec/wmalosslessdec.c对某些系数使用了错误的数据结构大小，这可使远程攻击者通过特制的WMA数据，利用此漏洞造成拒绝服务（内存破坏）。 0 FFmpeg FFmpeg 2.1.4 厂商补丁： FFmpeg ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://ffmpeg.org/security.html...

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

Out-of-bounds

The msrledecodeframe function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Microsoft RLE video data...

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

CVE-2014-2099

FFmpeg vulnerability CVE-2014-2099: The msrle_decode_frame function in libavcodec/msrle.c does not correctly calculate line sizes, enabling remote attackers to trigger a denial of service via out-of-bounds array access with crafted Microsoft RLE video data. Affected software: FFmpeg before 2.1.4....

CVE-2014-2098

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted WMA data...

CVE-2014-2097

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

CVE-2014-2098

The CVE-2014-2098 issue affects FFmpeg: libavcodec/wmalosslessdec.c before 2.1.4 uses an incorrect data-structure size for certain coefficients, enabling memory corruption/denial of service via crafted WMA data. Affected product: FFmpeg (libavcodec). Root cause: incorrect coefficient data structu...

CVE-2012-6615

The ffasssplitoverridecodes function in libavcodec/asssplit.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a subtitle dialog without text...

Out-of-bounds

The movtextdecodeframe function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service out-of-bounds read and crash via crafted 3GPP TS 26.245 data...

CVE-2012-6616

The CVE-2012-6616 issue affects FFmpeg’s mov_text_decode_frame in libavcodec/movtextdec.c prior to 1.0.2, enabling remote attackers to trigger an out-of-bounds read and crash via crafted 3GPP TS 26.245 data. Multiple advisories (Debian, UBUNTU, Red Hat, NVD, CVE.org, OSV, Nessus) reference this f...

CVE-2012-6615

CVE-2012-6615 affects FFmpeg prior to 1.0.2. The vulnerability is in the function ff_ass_split_override_codes (libavcodec/ass_split.c), where processing a subtitle dialog without text can trigger a NULL pointer dereference, leading to denial of service (crash). This is a remote issue with network...

CVE-2013-4358

libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service crash via vectors related to alternating bit depths in H.264 data...

CVE-2013-4358

CVE-2013-4358 affects FFmpeg, specifically the libavcodec/h264.c path, with vulnerable code present in FFmpeg before 0.11.4. The issue allows remote attackers to trigger a denial of service (crash) via vectors related to alternating bit depths in H.264 data. Documents indicate a bug in FFmpeg’s H...

CVE-2013-7024

The jpeg2000decodetile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JPEG2000 dat...