Stack-based Buffer Overflow

FFmpeg is vulnerable to stack-based buffer overflow attacks. The vulnerability is caused by an off-by-one error which creates an out-of-bound write through the decodezbuf function in libavcodec/pngdec.c...

CVE-2017-7866

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decodezbuf function in libavcodec/pngdec.c...

CVE-2017-7863

FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decodeframecommon function in libavcodec/pngdec.c...

CVE-2017-7863

FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decodeframecommon function in libavcodec/pngdec.c...

CVE-2017-7866

Summary : CVE-2017-7866 affects FFmpeg prior to patched builds, with an out-of-bounds write caused by a stack-based buffer overflow in the decode_zbuf path of libavcodec/pngdec.c . This concrete issue was addressed in FFmpeg/OpenSUSE advisories (e.g., openSUSE-2017-631, openSUSE-2017-1067) which ...

CVE-2014-8545

CVE-2014-8545 concerns FFmpeg’s libavcodec/pngdec.c, where the code path accepts the monochrome-black format without validating that bits-per-pixel equals 1. This can trigger an out-of-bounds access in crafted PNG data, leading to a potential denial of service (and possibly other impact) as descr...

CVE-2013-0875

FFmpeg is affected by CVE-2013-0875 via the ff_add_png_paeth_prediction function in libavcodec/pngdec.c, vulnerable before version 1.1.3 due to an out-of-bounds array access when processing crafted PNG images. This affects FFmpeg’s PNG decoding path and could enable remote impact. Remediation per...