CVE-2011-3950

The diracdecodedataunit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number...

CVE-2013-7019

CVE-2013-7019 affects FFmpeg up to version 2.1, where get_cox in libavcodec/jpeg2000dec.c fails to validate the reduction factor, enabling an out-of-bounds access in crafted JPEG2000 data and potentially causing a denial of service or other impact. The issue is documented across multiple feeds (N...

CVE-2013-7009

FFmpeg: CVE-2013-7009 affects the rpza_decode_stream function in libavcodec/rpza.c, where improper maintenance of the pixel data pointer in FFmpeg before 2.1 can cause out-of-bounds access and a denial-of-service via crafted Apple RPZA data. Exploitation is remote and depends on parsing RPZA data...

CVE-2011-3950

The CVE-2011-3950 issue affects FFmpeg up to version 0.10, specifically the dirac_decode_data_unit function in libavcodec/diracdec.c, allowing remote attackers to cause an unspecified impact via a crafted reference pictures number. Public sources in the connected documents confirm the vulnerabili...

CVE-2011-3949

CVE-2011-3949 affects FFmpeg: the dirac_unpack_idwt_params function in libavcodec/diracdec.c (FFmpeg prior to 0.10) can be triggered by crafted Dirac data to cause an unspecified impact. The connected advisories reiterate the exact description and note that remediation involves upgrading FFmpeg. ...

CVE-2013-7010

FFmpeg/libavcodec/dsputil.c contains integer signedness errors in FFmpeg before 2.1, allowing remote attackers to cause a denial of service via crafted data (out-of-bounds access). The issue is documented across multiple advisories (Debian DSA-2855-1, Gentoo GLSA 201603-06) with remediation guida...

CVE-2011-3934

Double free vulnerability in the vp3updatethreadcontext function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data...

CVE-2013-7017

FFmpeg vulnerability CVE-2013-7017 involves libavcodec/jpeg2000.c and affects FFmpeg before 2.1, where crafted JPEG2000 data can trigger a remote denial of service (invalid pointer dereference). The issue is corroborated by multiple sources in connected docs, including Gentoo GLSA-201603-06 and r...

CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JPEG2000 data...

CVE-2013-7013

The g2minitbuffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted Go2Webinar data...

CVE-2013-7008

The decodesliceheader function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service deadlock or possibly have unspecified other impact via crafted H.264 data...

CVE-2013-7020

FFmpeg/libav is affected by CVE-2013-7020 due to improper enforcement of bit-count/colorspace constraints in read_header (FFV1 decoding), allowing an out-of-bounds read and potential DoS. Connected advisories (Debian DSA-3027-1, Gentoo GLSA 201603-06, Mandriva MDVSA-2014:227) confirm FFV1-related...

CVE-2013-7008

The CVE-2013-7008 flaw affects FFmpeg’s libavcodec/h264.c decode_slice_header, where the code incorrectly relies on a certain droppable field before FFmpeg 2.1. This enables an attacker to craft H.264 data that may cause a denial of service (deadlock) or other unspecified impact. The public repor...

CVE-2013-7022

FFmpeg, pre-2.1, is affected by CVE-2013-7022 via g2m_init_buffers in libavcodec/g2meet.c: memory for tiles is not allocated correctly, allowing a remote attacker to trigger a denial of service through an out-of-bounds access in crafted Go2Webinar data. The issue’s impact is described as DoS and ...

CVE-2013-7013

CVE-2013-7013 affects FFmpeg’s g2m_init_buffers in libavcodec/g2meet.c, where an incorrect arithmetic operation order in the Go2Webinar path (pre-2.1) enables out-of-bounds memory access and DoS via crafted data. The vulnerability is documented across multiple advisories (NVD/Nessus/Gentoo GLSA) ...

CVE-2011-3934

CVE-2011-3934 is a double-free vulnerability in FFmpeg’s libavcodec/vp3.c (vp3_update_thread_context) that affects FFmpeg before 0.10, enabling a remote attacker to cause an unspecified impact via crafted vp3 data. Connected advisories (e.g., Debian DSA-3003-1, Gentoo GLSA 201502-08) group this w...

CVE-2013-7020

The readheader function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted FFV1 data...

CVE-2011-3944

The smackerdecodeheadertree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data...

CVE-2011-3934

Double free vulnerability in the vp3updatethreadcontext function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data...

CVE-2013-7014

Integer signedness error in the addbytesl2c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted PNG data...