EUVD-2018-10710

Malware in sbrugna...

CVE-2018-1999015

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASFF format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to...

CVE-2018-1999015

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASFF format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to...

CVE-2018-10001

The decodeinit function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via an AVI file...

CVE-2018-10001

CVE-2018-10001 affects FFmpeg prior to and including 3.4.2, where the function decode_init in libavcodec/utvideodec.c can be abused by a crafted AVI file to trigger a denial of service via an out-of-bounds read. The provided documents consistently describe DoS potential but do not include exploit...

CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...

CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...

CVE-2018-7557

The decodeinit function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service Out of array read via an AVI file with crafted dimensions within chroma subsampling data...

CVE-2018-7557

CVE-2018-7557 affects FFmpeg (libavcodec/utvideodec.c: decode_init) in FFmpeg versions 2.8 through 3.4.2. A crafted AVI file with specific chroma subsampling dimensions can trigger a denial of service via an out-of-bounds/out-of-array read. Connected sources confirm the component and root cause b...

CVE-2018-6912

The decodeplane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6912

The decodeplane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6912

CVE-2018-6912 affects FFmpeg up to 3.4.2 and is caused by the decode_plane function in libavcodec/utvideodec.c that can trigger an out-of-bounds read in a crafted AVI file, leading to a denial of service. Documents do not show exploit details. A remediation indicated by Gentoo GLSA-202003-65 is t...

Design/Logic Flaw

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6621

The decodeframe function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service out of array read via a crafted AVI file...

CVE-2018-6621

CVE-2018-6621 affects FFmpeg/libavcodec/utvideodec.c: decode_frame allows remote attackers to trigger a denial of service (out-of-bounds/read) via a crafted AVI file. Debians/DLA-1630, DSA-4249 and related advisories show this was fixed by libav/ffmpeg package updates. The Debian entries explicit...

CVE-2012-2788

Unspecified vulnerability in the avireadpacket function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."...

CVE-2012-2788

Unspecified vulnerability in the avireadpacket function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."...

CVE-2012-2788

Unspecified vulnerability in the avireadpacket function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."...

CVE-2012-2788

CVE-2012-2788 affects FFmpeg (libavformat/avidec.c) and Libav; it is caused by an out-of-bounds read in avi_read_packet when a packet is shrunk. The issue is fixed in FFmpeg >=0.11 and Libav 0.7.7/0.8.4 or later (per connected advisories, e.g., avidec: use actually read size instead of request...