
CVE-2015-1872 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-1872
26 Jul 2015 — The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=fabbfaa095660982cc0bc63242c459561fa37037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-3395 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2015-3395
15 Jun 2015 — The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-3417 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2015-3417
24 Apr 2015 — Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. • http://seclists.org/fulldisclosure/2015/Apr/31

CVE-2014-9676 – Gentoo Linux Security Advisory 201606-09
https://notcve.org/view.php?id=CVE-2014-9676
28 Feb 2015 — The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. • http://seclists.org/oss-sec/2015/q1/38

CVE-2014-7933 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7933
22 Jan 2015 — Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=490a3ebf36821b81f73e34ad3f554cb523dd2682 • CWE-416: Use After Free

CVE-2014-7937 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7937
22 Jan 2015 — Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-416: Use After Free

CVE-2014-9602 – Gentoo Linux Security Advisory 201603-06
https://notcve.org/view.php?id=CVE-2014-9602
16 Jan 2015 — libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=93a5a16f136d095d23610f57bdad10ba88120fba • CWE-189: Numeric Errors

CVE-2014-9603 – Gentoo Linux Security Advisory 201603-06
https://notcve.org/view.php?id=CVE-2014-9603
16 Jan 2015 — The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3030fb7e0d41836f8add6399e9a7c7b740b48bfd • CWE-20: Improper Input Validation

CVE-2014-9604 – Debian Security Advisory 3189-1
https://notcve.org/view.php?id=CVE-2014-9604
16 Jan 2015 — libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f • CWE-189: Numeric Errors

CVE-2014-9316 – Gentoo Linux Security Advisory 201603-06
https://notcve.org/view.php?id=CVE-2014-9316
09 Dec 2014 — The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=0eecf40935b22644e6cd74c586057237ecfd6844 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer