CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7859
https://notcve.org/view.php?id=CVE-2017-7859
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. FFmpeg en versiones anteriores a 05-03-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con the ff_h264_slice_context_init function in libavcodec/h264dec.c. • http://www.securityfocus.com/bid/97663 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=713 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 5%CPEs: 14EXPL: 0CVE-2016-10192
https://notcve.org/view.php?id=CVE-2016-10192
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. Desbordamiento de búfer basado en memoria dinámica en ffserver.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a atacantes remotos ejecutar código arbitrario aprovechando el fallo para comprobar el tamaño del fragmento. • http://www.openwall.com/lists/oss-security/2017/01/31/12 http://www.openwall.com/lists/oss-security/2017/02/02/1 http://www.securityfocus.com/bid/95991 https://ffmpeg.org/security.html https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2016-10190
https://notcve.org/view.php?id=CVE-2016-10190
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. Desbordamiento de búfer basado en memoria dinámica en libavformat/http.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a servidores web remotos ejecutar código arbitrario a través de un tamaño de cantidad negativa en una respuesta HTTP. • http://www.openwall.com/lists/oss-security/2017/01/31/12 http://www.openwall.com/lists/oss-security/2017/02/02/1 http://www.securityfocus.com/bid/95986 https://ffmpeg.org/security.html https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html https://trac.ffmpeg.org/ticket/5992 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 14EXPL: 1CVE-2016-10191
https://notcve.org/view.php?id=CVE-2016-10191
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. Desbordamiento de búfer basado en memoria dinámica en libavformat/rtmppkt.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a atacantes remotos ejecutar código arbitrario aprovechando el fallo para comprobar si hay desajustes de tamaño de paquete RTMP. • https://github.com/KaviDk/Heap-Over-Flow-with-CVE-2016-10191 http://www.openwall.com/lists/oss-security/2017/01/31/12 http://www.openwall.com/lists/oss-security/2017/02/02/1 http://www.securityfocus.com/bid/95989 https://ffmpeg.org/security.html https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7 https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •