CVE-2012-6618
https://notcve.org/view.php?id=CVE-2012-6618
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." La función av_probe_input_buffer en libavformat/utils.c en FFmpeg anteriores a 1.0.2, cuando se ejecutan ciertos valores "probesize", permite a atacantes remotos causar denegación de servicio (caída) a través de ficheros MP3 manipulados, posiblemente relacionado con el tamaño del frame o la falta de suficientes frames para estimar la tasa ("frames to estimate rate"). • p=ffmpeg.git%3Ba=commit%3Bh=e74cd2f4706f71da5e9205003c1d8263b54ed3fb http://secunia.com/advisories/51964 http://www.ffmpeg.org/security.html https://trac.ffmpeg.org/ticket/1991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7008
https://notcve.org/view.php?id=CVE-2013-7008
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. La función decode_slice_header en libavcodec/h264.c en FFmpeg anteriores a 2.1 depende incorrectamente de cierto campo deshechable, lo que permite a atacantes remotos causar una denegación de servico (deadlock) o posiblemente tener otro impacto no especificado a través de datos H264 manipulados. • http://ffmpeg.org/security.html http://openwall.com/lists/oss-security/2013/11/26/7 http://openwall.com/lists/oss-security/2013/12/08/3 https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f https://security.gentoo.org/glsa/201603-06 https://trac.ffmpeg.org/ticket/2927 •
CVE-2013-7009
https://notcve.org/view.php?id=CVE-2013-7009
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data. La función rpza_decode_stream en libavcodec/rpza.c en FFmpeg anteriores a 2.1 no mantiene correctamente un puntero a píxeles, lo cual permite a atacantes remotos causar denegación de servicio (acceso a array fuera de límites) o posiblemente tener otro impacto no especificado a través de datos Apple RPZA. • http://ffmpeg.org/security.html http://openwall.com/lists/oss-security/2013/11/26/7 http://openwall.com/lists/oss-security/2013/12/08/3 https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34 https://security.gentoo.org/glsa/201603-06 https://trac.ffmpeg.org/ticket/2850 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7010
https://notcve.org/view.php?id=CVE-2013-7010
Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. Múltiples errores de signo de enteros en libavcodec/dsputil.c en FFmpeg anterior a v2.1 permite a atacantes remotos provocar una denegación de servicio (acceso a array fuera de rango) o posiblemente tener otro impacto no especificado a través de información manipulada. • http://ffmpeg.org/security.html http://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v9.11 http://openwall.com/lists/oss-security/2013/11/26/7 http://openwall.com/lists/oss-security/2013/12/08/3 http://www.debian.org/security/2014/dsa-2855 https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760 https://security.gentoo.org/glsa/201603-06 • CWE-189: Numeric Errors •
CVE-2013-7011
https://notcve.org/view.php?id=CVE-2013-7011
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. La función read_header en libavcodec/ffv1dec.c en FFmpeg anterior a 2.1 no impide los cambios en los parámetros globales, lo que permite a atacantes remotos provocar una denegación de servicio (acceso fuera de rango a un array) o posiblemente tener un impacto no especificado a través de datos FFV1 manipulados • http://ffmpeg.org/security.html http://openwall.com/lists/oss-security/2013/11/26/7 http://openwall.com/lists/oss-security/2013/12/08/3 https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445 https://security.gentoo.org/glsa/201603-06 https://trac.ffmpeg.org/ticket/2906 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •