CVE-2013-0857

The decodeframeilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data...

Design/Logic Flaw

The lpcprediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec ALAC data, related to a large nbsamples value...

Out-of-bounds

The decodesliceheader function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access...

Out-of-bounds

The wavpackdecodeframe function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error...

CVE-2013-0844

Off-by-one error in the adpcmdecodeframe function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access...

CVE-2013-0858

CVE-2013-0858 affects FFmpeg/libav: the atrac3_decode_init function in libavcodec/atrac3.c, prior to FFmpeg 1.0.4, allows remote attackers to induce an unspecified impact through ATRAC3 data when the joint stereo coding mode is used and there are fewer than two channels. The vulnerability is repo...

CVE-2013-0851

CVE-2013-0851 : FFmpeg’s decode_frame routine in libavcodec/eamad.c is vulnerable to an out-of-bounds array access when processing crafted Electronic Arts Madcow video data, affecting FFmpeg versions prior to 1.1. This remote issue can trigger a crash or unspecified impact. The CVE is documented ...

CVE-2013-0845

The CVE-2013-0845 issue affects FFmpeg’s libavcodec/alsdec.c (FFmpeg before 1.0.4). A crafted block length can cause an out-of-bounds write, enabling remote attackers to trigger an unspecified impact. The documentation does not provide exploit details. Remediation: upgrade FFmpeg to version 1.0.4...

CVE-2013-0854

The mjpegdecodescanprogressiveac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data...

CVE-2013-0849

CVE-2013-0849 affects FFmpeg/libav, specifically the roq_decode_init function in libavcodec/roqvideodec.c. A crafted RoQ video data width or height not a multiple of sixteen can allow a remote attacker to cause an unspecified impact. Publicly referenced mitigations exist in Debian advisory DSA-28...

CVE-2013-0844

FFmpeg/libavcodec contains an out-of-bounds access caused by an off-by-one error in adpcm_decode_frame (libavcodec/adpcm.c). Affected product: FFmpeg prior to 1.0.4. Impact: remote attackers could trigger the vulnerability via crafted DK4 data, leading to unspecified effects. The issue is resolve...

CVE-2013-0856

The vulnerability CVE-2013-0856 affects FFmpeg’s libavcodec ALAC decoding, specifically the lpc_prediction function in alac.c. Before FFmpeg 1.1, crafted ALAC data (related to a large nb_samples) can lead to a remote impact. The issue originates in the ALAC data handling within the lpc_prediction...

CVE-2013-0854

CVE-2013-0854 concerns FFmpeg’s libavcodec/mjpegdec.c, where the function mjpeg_decode_scan_progressive_ac in FFmpeg prior to 1.1 mishandles crafted MJPEG data. The result is a remote, unauthenticated impact (unspecified in the sources) that could affect affected decoding paths. This vulnerabilit...

CVE-2013-0846

Array index error in the qdm2decodesuperblock function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access...

CVE-2013-0856

The lpcprediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec ALAC data, related to a large nbsamples value...

CVE-2013-0855

CVE-2013-0855 affects FFmpeg’s libavcodec/alac.c alac_decode_close. Affected: FFmpeg before 1.1. Triggered by a large number of ALAC samples per frame, causing an out-of-bounds access. Impact is unspecified in the sources. Mitigation: upgrade FFmpeg to 1.1 or later (or apply vendor-specific patch...

CVE-2013-0846

The CVE-2013-0846 issue affects FFmpeg's libavcodec/qdm2.c, where an array index error in qdm2_decode_super_block can trigger an out-of-bounds access via crafted QDM2 data. This vulnerability is present in FFmpeg before 1.1 and can allow a remote attacker to impact confidentiality, integrity, and...

CVE-2013-0853

CVE-2013-0853 refers to a vulnerability in FFmpeg/libav where the wavpack_decode_frame function in libavcodec/wavpack.c could be triggered by crafted WavPack data, causing an out-of-bounds array access (likely due to an off-by-one error). The issue is exploitable remotely and is due to memory cor...

CVE-2013-0852

The parsepicturesegment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access...

CVE-2013-0853

The wavpackdecodeframe function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error...