CVE-2015-3395
https://notcve.org/view.php?id=CVE-2015-3395
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. La función msrle_decode_pal4 en msrledec.c en Libav anterior a 10.7 y 11.x anterior a 11.4 y FFmpeg anterior a 2.0.7, 2.2.x anterior a 2.2.15, 2.4.x anterior a 2.4.8, 2.5.x anterior a 2.5.6, y 2.6.x anterior a 2.6.2 permite a atacantes remotos tener un impacto no especificado a través de una imagen manipulada, relacionado con un puntero de pixels, lo que provoca un acceso a array fuera de rango. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553 http://www.debian.org/security/2015/dsa-3288 http://www.securityfocus.com/bid/74433 http://www.ubuntu.com/usn/USN-2944-1 https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4 https://security.gentoo.org/glsa/201603-06 https://security.gentoo.org/glsa/201705-08 https://www.ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9602
https://notcve.org/view.php?id=CVE-2014-9602
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data. libavcodec/xface.h en FFmpeg anterior a 2.5.2 establece ciertas dimensiones de arrays de dígitos y palabras que no satisfacen una relación matemática requirida, lo que permite a atacantes remotos causar una denegación de servicio (acceso al array fuera de rango) o posiblemente tener otro impacto no especificado a través de datos de imágenes X-Face manipulados. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=93a5a16f136d095d23610f57bdad10ba88120fba https://security.gentoo.org/glsa/201603-06 • CWE-189: Numeric Errors •
CVE-2014-9603
https://notcve.org/view.php?id=CVE-2014-9603
The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data. La función vmd_decode en libavcodec/vmdvideo.c en FFmpeg anterior a 2.5.2 no valida la relación entre cierto valor de longitud y la anchura del marco, lo que permite a atacantes remotos causar una denegación de servicio (acceso al array fuera de rango) o posiblemente tener otro impacto no especificado a través de datos de vídeo Sierra VMD manipulados. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3030fb7e0d41836f8add6399e9a7c7b740b48bfd https://security.gentoo.org/glsa/201603-06 • CWE-20: Improper Input Validation •
CVE-2014-9604
https://notcve.org/view.php?id=CVE-2014-9604
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions. libavcodec/utvideodec.c en FFmpeg anterior a 2.5.2 no comprueba para un valor de cero en la altura de un trozo, lo que permite a atacantes remotos causar una denegación de servicio (acceso al array fuera de rango) o posiblemente tener otro impacto no especificado a través de datos de vídeo Ut manipulados, relacionado con las funciones (1) restore_median y (2) restore_median_il. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3881606240953b9275a247a1c98a567f3c44890f http://www.ubuntu.com/usn/USN-2534-1 https://security.gentoo.org/glsa/201603-06 • CWE-189: Numeric Errors •
CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •