CVE-2013-0845

libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write...

Design/Logic Flaw

The lpcprediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec ALAC data, related to a large nbsamples value...

Out-of-bounds

The decodesliceheader function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access...

Out-of-bounds

The wavpackdecodeframe function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error...

CVE-2013-0844

Off-by-one error in the adpcmdecodeframe function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access...

CVE-2013-0845

The CVE-2013-0845 issue affects FFmpeg’s libavcodec/alsdec.c (FFmpeg before 1.0.4). A crafted block length can cause an out-of-bounds write, enabling remote attackers to trigger an unspecified impact. The documentation does not provide exploit details. Remediation: upgrade FFmpeg to version 1.0.4...

CVE-2013-0858

CVE-2013-0858 affects FFmpeg/libav: the atrac3_decode_init function in libavcodec/atrac3.c, prior to FFmpeg 1.0.4, allows remote attackers to induce an unspecified impact through ATRAC3 data when the joint stereo coding mode is used and there are fewer than two channels. The vulnerability is repo...

CVE-2013-0854

The mjpegdecodescanprogressiveac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data...

CVE-2013-0849

CVE-2013-0849 affects FFmpeg/libav, specifically the roq_decode_init function in libavcodec/roqvideodec.c. A crafted RoQ video data width or height not a multiple of sixteen can allow a remote attacker to cause an unspecified impact. Publicly referenced mitigations exist in Debian advisory DSA-28...

CVE-2013-0851

CVE-2013-0851 : FFmpeg’s decode_frame routine in libavcodec/eamad.c is vulnerable to an out-of-bounds array access when processing crafted Electronic Arts Madcow video data, affecting FFmpeg versions prior to 1.1. This remote issue can trigger a crash or unspecified impact. The CVE is documented ...

CVE-2013-0856

The vulnerability CVE-2013-0856 affects FFmpeg’s libavcodec ALAC decoding, specifically the lpc_prediction function in alac.c. Before FFmpeg 1.1, crafted ALAC data (related to a large nb_samples) can lead to a remote impact. The issue originates in the ALAC data handling within the lpc_prediction...

CVE-2013-0854

CVE-2013-0854 concerns FFmpeg’s libavcodec/mjpegdec.c, where the function mjpeg_decode_scan_progressive_ac in FFmpeg prior to 1.1 mishandles crafted MJPEG data. The result is a remote, unauthenticated impact (unspecified in the sources) that could affect affected decoding paths. This vulnerabilit...

CVE-2013-0844

FFmpeg/libavcodec contains an out-of-bounds access caused by an off-by-one error in adpcm_decode_frame (libavcodec/adpcm.c). Affected product: FFmpeg prior to 1.0.4. Impact: remote attackers could trigger the vulnerability via crafted DK4 data, leading to unspecified effects. The issue is resolve...

CVE-2013-0846

Array index error in the qdm2decodesuperblock function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access...

CVE-2013-0856

The lpcprediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec ALAC data, related to a large nbsamples value...

CVE-2013-0855

CVE-2013-0855 affects FFmpeg’s libavcodec/alac.c alac_decode_close. Affected: FFmpeg before 1.1. Triggered by a large number of ALAC samples per frame, causing an out-of-bounds access. Impact is unspecified in the sources. Mitigation: upgrade FFmpeg to 1.1 or later (or apply vendor-specific patch...

CVE-2013-0850

CVE-2013-0850 describes a vulnerability in FFmpeg’s libavcodec/h264.c decode_slice_header, where crafted H.264 data could trigger an out-of-bounds access. The issue affects FFmpeg prior to 1.1 (libav in common libavutil/libavcodec code paths) and has been referenced across multiple trackers (NVD,...

CVE-2013-0853

The wavpackdecodeframe function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error...

CVE-2013-0852

CVE-2013-0852 affects FFmpeg. The vulnerability is in the parse_picture_segment function, libavcodec/pgssubdec.c, where crafted RLE data can trigger an out-of-bounds array access in FFmpeg before 1.1. This is reported as an unspecified impact in the description, and no exploitation details are pr...

CVE-2013-0848

CVE-2013-0848 concerns FFmpeg/libav’s decode_init in libavcodec/huffyuv.c, where before 1.1 the predictor set to median with width crafted in huffyuv data (colorspace YUV422P) can cause an out-of-bounds array access. The connected advisories confirm multiple vendors released fixes and updated pac...