CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13301
https://notcve.org/view.php?id=CVE-2018-13301
05 Jul 2018 — In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. En FFmpeg 4.0.1, debido a una comprobación faltante de un valor de perfil antes de configurarlo, la función ff_mpeg4_decode_picture_header en libavcodec/mpeg4videodec.c podría desencadenar una desreferencia de puntero NULL al convertir un arch... • http://www.securityfocus.com/bid/104675 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13305
https://notcve.org/view.php?id=CVE-2018-13305
05 Jul 2018 — In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. En FFmpeg 4.0.1, debido a una comprobación faltante de valores negativos de la variable mqaunt, la función vc1_put_blocks_clamped en libavcodec/vc1_block.c podría desencadenar un acceso fuera de array al convertir un archivo... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13304
https://notcve.org/view.php?id=CVE-2018-13304
05 Jul 2018 — In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. En libavcodec en FFmpeg 4.0.1, el mantenimiento incorrecto de la consistencia entre el campo context profile y studio_profile en libavcodec podría desencadenar un fallo de aserción al convertir un arc... • https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235 • CWE-617: Reachable Assertion •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-13300 – Debian Security Advisory 4249-1
https://notcve.org/view.php?id=CVE-2018-13300
05 Jul 2018 — In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. En FFmpeg versión 3.2 y 4.0.1, un argumento incorrecto (AVCodecParameters) pasado a la función avpriv_request_sample en la función handle_eac3 en libavformat/movenc.c podría desencadenar una lectura ... • http://www.securityfocus.com/bid/104675 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-13302 – Debian Security Advisory 4249-1
https://notcve.org/view.php?id=CVE-2018-13302
05 Jul 2018 — In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. En FFmpeg 4.0.1, la gestión incorrecta de tipos de frame (diferentes a EAC3_FRAME_TYPE_INDEPENDENT) que tienen múltiples subcadenas independiented en la función avpriv_request_s... • http://www.securityfocus.com/bid/104675 • CWE-129: Improper Validation of Array Index •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13303
https://notcve.org/view.php?id=CVE-2018-13303
05 Jul 2018 — In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. En FFmpeg 4.0.1, debido a una comprobación faltante de una llamada a init_get_bits8() en la función avpriv_ac3_parse_header en libavcodec/ac3_parser.c podría desencadenar una desreferencia de puntero NULL al convertir un archivo AVI manipulado a MPEG4, ... • http://www.securityfocus.com/bid/104675 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12459
https://notcve.org/view.php?id=CVE-2018-12459
15 Jun 2018 — An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. Un valor bits-per-sample inconsistente en la función ff_mpeg4_decode_picture_header en libavcodec/mpeg4videodec.c en FFmpeg 4.0 podría desencadenar una violación de aserción al convertir un archivo AVI manipulado a MPEG4, lo que conduce a una denegación de servicio. • https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-12458 – Debian Security Advisory 4249-1
https://notcve.org/view.php?id=CVE-2018-12458
15 Jun 2018 — An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. Un tipo de entero incorrecto en la función mpeg4_encode_gop_header en libavcodec/mpeg4videoenc.c en FFmpeg 2.8 y 4.0 podría desencadenar una violación de aserción al convertir un archivo AVI manipulado a MPEG4, lo que conduce a una denegación de servicio Several vulnerabilities hav... • https://github.com/FFmpeg/FFmpeg/commit/6bbef938839adc55e8e048bc9cc2e0fafe2064df • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12460
https://notcve.org/view.php?id=CVE-2018-12460
15 Jun 2018 — libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. libavcodec en FFmpeg 4.0 podría desencadenar una desreferencia de puntero NULL si el perfil studio se detecta de forma incorrecta al convertir un archivo AVI manipulado a MPEG4, lo que conduce a una denegación de servicio (DoS). Esto está relacionado con idctdsp.c y mpegvideo.c. • https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7751 – Gentoo Linux Security Advisory 202003-65
https://notcve.org/view.php?id=CVE-2018-7751
24 Apr 2018 — The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. La función svg_probe en libavformat/img2dec.c en FFmpeg 3.4.2 permite que atacantes remotos provoquen una denegación de servicio (bucle infinito) mediante un archivo XML manipulado. Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. Versions greater than or equal to 4 are aff... • http://www.securityfocus.com/bid/103956 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •