CVE-2017-11665

The ffamfgetfieldvalue function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service Segmentation Violation and application crash via a crafted stream...

CVE-2017-11665

CVE-2017-11665 affects FFmpeg 3.3.2, where the ff_amf_get_field_value function in libavformat/rtmppkt.c can be exploited by a crafted RTMP stream to trigger a denial of service (Segmentation Violation and application crash). Public references in connected documents confirm the vulnerability in FF...

The vulnerability in the `libavformat/rtmppkt.c` component of the FFmpeg multimedia library allows a attacker to execute arbitrary code.

The vulnerability of the libavformat/rtmppkt.c component in the FFmpeg multimedia library arises due to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code, without any checks for packet size compliance with RTMP...

CVE-2015-1207

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service memory corruption and crash via a crafted .m4a file...

Double free

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service memory corruption and crash via a crafted .m4a file...

CVE-2015-1207

CVE-2015-1207 is a double-free vulnerability in libavformat/mov.c of FFmpeg affecting Google Chrome 41.0.2251.0, exploitable via a crafted .m4a file to cause memory corruption and a denial of service. Publicly documented in OSV and Debian advisories, with Debian noting fixes in libav 6:11.12-1~de...

CVE-2015-1207

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service memory corruption and crash via a crafted .m4a file...

Libav Denial of Service Vulnerability (CNVD-2017-07535)

Libav formerly FFmpeg is Libav team's set of cross-platform audio and video can be recorded, converted to a solution, which includes a libavcodec encoder. A denial of service vulnerability exists in the 'nsvreadchunk' function of the libavformat/nsvdec.c file in Libav versions prior to 12.1, whic...

openSUSE Security Update : ffmpeg (openSUSE-2017-524)

This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed : - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response boo1022920 - CVE-2016-1019...

openSUSE Security Update : ffmpeg (openSUSE-2017-449)

This update for ffmpeg fixes the following issues : Security issue fixed : - CVE-2016-10190: remote code execution vulnerability 1 - libavformat/http.c boo1022920 Detailed ChangeLog : - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb339 4aa5ab0320739f8b5a1c4f/Changelog - 3.2.4:...

Remote Code Execution (RCE)

ffmpeg is vulnerable to remote code execution RCE attacks. A heap-based buffer overflow in libavformat/rtmppkt.c is caused by the failure to check for RTMP packet size mismatches. The resulted buffer overflow can be exploited by aligning chunks and by using a white-what-where condition to launch...

Security update of chromium (important)

Google chromium was updated to 56.0.2924.87: Various small fixes Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public AVStream A...

CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

Heap overflow

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

CVE-2016-10191

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches...

CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

CVE-2016-10190

CVE-2016-10190 is a heap-based buffer overflow in FFmpeg’s libavformat/http.c that lets a remote attacker execute code via a negative HTTP chunk size. Affected branches include FFmpeg up to 2.8.10, 3.0.x up to 3.0.5, 3.1.x up to 3.1.6, and 3.2.x up to 3.2.2. The root cause is improper length/offs...

CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

FFmpeg integer overflow vulnerability (CNVD-2017-01242)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in the 'movbuildindex' function in the libavformat/mov.c file in FFmpeg. A remote attacker can exploit this vulnerability to execute code and cause ...