CVSS: 8.8EPSS: 4%CPEs: 79EXPL: 0CVE-2014-5271 – Gentoo Linux Security Advisory 201603-06
https://notcve.org/view.php?id=CVE-2014-5271
03 Nov 2014 — Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función encode_slice en libavcodec/proresenc_kostya.c en FFMpeg anterior a 1.1.14, 1.2.x anterior a 1.2.8, 2.x anterior a 2.2.7, y 2.3.x... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=52b81ff4635c077b2bc8b8d3637d933b6629d803 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 2CVE-2014-4610 – Mandriva Linux Security Advisory 2014-129
https://notcve.org/view.php?id=CVE-2014-4610
09 Jul 2014 — Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. Un desbordamiento de enteros en la función get_len en el archivo libavutil/lzo.c en FFmpeg versiones anteriores a 0.10.14, versiones 1.1.x anteriores a 1.1.12, versiones 1.2.x anteriores a 1.2.7, versiones 2.0.x anteriores a 2.0.5, versiones 2.1... • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2097 – Gentoo Linux Security Advisory 201603-06
https://notcve.org/view.php?id=CVE-2014-2097
02 Mar 2014 — The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data. La función tak_decode_frame en libavcodec/takdec.c en FFmpeg anterior a 2.1.4 no valida debidamente cierto valor bits-per-sample, lo que permite a atacantes remotos causar una denegación... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f58eab151214d2d35ff0973f2b3e51c5eb372da4 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2099 – Mandriva Linux Security Advisory 2014-129
https://notcve.org/view.php?id=CVE-2014-2099
02 Mar 2014 — The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. La función msrle_decode_frame en libavcodec/msrle.c en FFmpeg anterior a 2.1.4 no calcula debidamente tamaños de línea, lo que permite a atacantes remotos causar una denegación de servicio (acceso a array fuera de rango) o posi... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2098 – Mandriva Linux Security Advisory 2014-129
https://notcve.org/view.php?id=CVE-2014-2098
02 Mar 2014 — libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data. libavcodec/wmalosslessdec.c en FFmpeg anterior a 2.1.4 utiliza un tamaño de estructura de datos incorrecto para ciertos coeficientes, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro i... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2263 – Debian Security Advisory 3003-1
https://notcve.org/view.php?id=CVE-2014-2263
28 Feb 2014 — The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. La función mpegts_write_pmt en el muxer (libavformat/mpegtsenc.c) del flujo de transporte MPEG2 (también conocido como DVB) en FFmpeg, posiblemente 2.1 y anteriores, permite a atacantes remotos tener impacto y vectores no especificados, lo que provoca una escritura fuera... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2012-6616
https://notcve.org/view.php?id=CVE-2012-6616
24 Dec 2013 — The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. La función mov_text_decode_frame en libavcodec/movtextdec.c en FFmpeg anteriores a 1.0.2 permite a atacantes remotos causar denegación de servicio (lectura fuera de límites y caída) a través de datos 3GPP TS 26.245 manipulados. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=68e48ed72e0597ae61bc3e9e6e6d9edcb1a00073 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6617
https://notcve.org/view.php?id=CVE-2012-6617
24 Dec 2013 — The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. La función prepare_sdp_descriptoin en ffserver.c en FFmpeg anteriores a 1.0.2 permite a atacantes remotos causar denegación de servicio (caída) a través de vectores relacionados con el formato rtp. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9929991da7b843e7d80154fcacc4e80579b86a2d •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6615
https://notcve.org/view.php?id=CVE-2012-6615
24 Dec 2013 — The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. La función ff_ass_split_override_codes en libavcodec/ass_split.c en FFmpeg anteriores a 1.0.2 permite a atacantes remotos causar denegación de servicio (referencia a puntero NULL y caída) a través de un diálogo de subtítulos sin texto. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=20c121c00747d6c3b0b0f98deeff021171b2ed74 •
CVSS: 5.5EPSS: 1%CPEs: 2EXPL: 1CVE-2012-6618
https://notcve.org/view.php?id=CVE-2012-6618
24 Dec 2013 — The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." La función av_probe_input_buffer en libavformat/utils.c en FFmpeg anteriores a 1.0.2, cuando se ejecutan ciertos valores "probesize", permite a atacantes remotos causar denegación de servicio (caída) a través de ficheros... • http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •