Ffmpeg@2.4.1 Security Vulnerabilities and Issues — Ffmpeg@2.4.1 CVE List

Lucene search

FfmpegFfmpeg2.4.1

17 matches found

CVE•added 2015/06/16 4:59 p.m.•78 views

CVE-2015-3395

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...

6.8CVSS8.5AI score0.01049EPSS

CVE•added 2016/01/15 3:59 a.m.•76 views

CVE-2016-1897

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

5.5CVSS5.5AI score0.48759EPSS

CVE•added 2016/01/15 3:59 a.m.•73 views

CVE-2016-1898

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

5.5CVSS5.5AI score0.29201EPSS

CVE•added 2015/01/22 10:59 p.m.•67 views

CVE-2014-7937

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

7.5CVSS9.5AI score0.02211EPSS

CVE•added 2014/12/09 11:59 p.m.•66 views

CVE-2014-9317

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.

7.5CVSS8.9AI score0.00712EPSS

CVE•added 2014/11/05 11:55 a.m.•63 views

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

7.5CVSS9.2AI score0.0152EPSS

CVE•added 2014/12/09 11:59 p.m.•59 views

CVE-2014-9316

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.

7.5CVSS8.3AI score0.00519EPSS

CVE•added 2014/11/05 11:55 a.m.•58 views

CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via ...

7.5CVSS8.9AI score0.00712EPSS

CVE•added 2014/11/05 11:55 a.m.•57 views

CVE-2014-8544

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.

7.5CVSS8.8AI score0.01036EPSS

CVE•added 2014/11/05 11:55 a.m.•56 views

CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.

7.5CVSS8.9AI score0.00712EPSS

CVE•added 2014/11/05 11:55 a.m.•52 views

CVE-2014-8547

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.

7.5CVSS8.9AI score0.00765EPSS

CVE•added 2014/11/05 11:55 a.m.•51 views

CVE-2014-8546

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.

7.5CVSS8.8AI score0.01024EPSS

CVE•added 2014/11/05 11:55 a.m.•50 views

CVE-2014-8543

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.

7.5CVSS8.9AI score0.01402EPSS

CVE•added 2014/12/09 11:59 p.m.•50 views

CVE-2014-9318

The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_siz...

7.5CVSS6.8AI score0.01024EPSS

CVE•added 2014/12/09 11:59 p.m.•48 views

CVE-2014-9319

The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.

5CVSS6.5AI score0.00535EPSS

CVE•added 2014/11/05 11:55 a.m.•47 views

CVE-2014-8549

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.

7.5CVSS7.5AI score0.00519EPSS

CVE•added 2014/11/05 11:55 a.m.•44 views

CVE-2014-8545

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

7.5CVSS8.9AI score0.01024EPSS