CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9676
https://notcve.org/view.php?id=CVE-2014-9676
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. La función seg_write_packet en libavformat/segment.c en ffmpeg 2.1.4 y anteriores no libera la localización de memoria correcta, lo que permite a atacantes remotos causar una denegación de servicio ('manejador de memoria inválido') y posiblemente ejecutar código arbitrario a través de un vídeo manipulado que provoca un uso después de liberación. • http://seclists.org/oss-sec/2015/q1/38 https://security.gentoo.org/glsa/201606-09 •
CVSS: 8.8EPSS: 6%CPEs: 6EXPL: 2CVE-2014-4610
https://notcve.org/view.php?id=CVE-2014-4610
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. Un desbordamiento de enteros en la función get_len en el archivo libavutil/lzo.c en FFmpeg versiones anteriores a 0.10.14, versiones 1.1.x anteriores a 1.1.12, versiones 1.2.x anteriores a 1.2.7, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.5 , y versiones 2.2.x anteriores a 2.2.4, permite a atacantes remotos ejecutar código arbitrario por medio de una Ejecución Literal diseñada. • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://www.openwall.com/lists/oss-security/2014/06/26/23 https://www.ffmpeg.org/security.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1CVE-2012-6616
https://notcve.org/view.php?id=CVE-2012-6616
The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. La función mov_text_decode_frame en libavcodec/movtextdec.c en FFmpeg anteriores a 1.0.2 permite a atacantes remotos causar denegación de servicio (lectura fuera de límites y caída) a través de datos 3GPP TS 26.245 manipulados. • p=ffmpeg.git%3Ba=commitdiff%3Bh=68e48ed72e0597ae61bc3e9e6e6d9edcb1a00073 http://secunia.com/advisories/51964 http://www.ffmpeg.org/security.html http://www.osvdb.org/93242 https://trac.ffmpeg.org/ticket/2087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 1CVE-2012-6618
https://notcve.org/view.php?id=CVE-2012-6618
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." La función av_probe_input_buffer en libavformat/utils.c en FFmpeg anteriores a 1.0.2, cuando se ejecutan ciertos valores "probesize", permite a atacantes remotos causar denegación de servicio (caída) a través de ficheros MP3 manipulados, posiblemente relacionado con el tamaño del frame o la falta de suficientes frames para estimar la tasa ("frames to estimate rate"). • p=ffmpeg.git%3Ba=commit%3Bh=e74cd2f4706f71da5e9205003c1d8263b54ed3fb http://secunia.com/advisories/51964 http://www.ffmpeg.org/security.html https://trac.ffmpeg.org/ticket/1991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 64EXPL: 2CVE-2013-7021
https://notcve.org/view.php?id=CVE-2013-7021
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data. • http://ffmpeg.org/security.html http://openwall.com/lists/oss-security/2013/11/26/7 http://openwall.com/lists/oss-security/2013/12/08/3 https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2 https://security.gentoo.org/glsa/201603-06 https://trac.ffmpeg.org/ticket/2905 • CWE-399: Resource Management Errors •