CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 4CVE-2016-6832
https://notcve.org/view.php?id=CVE-2016-6832
15 Feb 2017 — Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. Desbordamiento de búfer basado en memoria dinámica en la función ff_audio_resample en resample.c en libav en versiones anteriores a 11.4 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con redimensionamiento de búfer. • http://www.openwall.com/lists/oss-security/2016/08/13/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7424
https://notcve.org/view.php?id=CVE-2016-7424
07 Oct 2016 — The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. La función put_no_rnd_pixels8_xy2_mmx en x86/rnd_template.c en libav 11.7 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo MP3 manipulado. • http://www.debian.org/security/2016/dsa-3685 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2016-3062 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2016-3062
15 Jun 2016 — The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. La función mov_read_dref en libavformat/mov.c en Libav en versiones anteriores a 11.7 y FFmpeg en versiones anteriores a 0.11 permite a atacantes remotos provocar una denegación de srevicio (corrupción de memoria) o ejecutar código arbitrario a través de valores de ent... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5479 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-5479
05 Apr 2016 — The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. La función ff_h263_decode_mba en libavcodec/ituh263dec.c en Libav en versiones anteriores a 11.5 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación) a través de un archivo con dimensiones manipuladas. It was discovered that Libav in... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 0%CPEs: 38EXPL: 0CVE-2015-3395 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2015-3395
15 Jun 2015 — The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. La función msrle_decode_pal4 en msrledec.c en Libav anterior a 10.7 y 11.x anterior a 11.4 y FFmpeg anterior a 2.0.7, 2.2.x anterior a 2.2.15, 2.4.x anterior a 2.4.8, 2.5... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 9%CPEs: 79EXPL: 0CVE-2014-5271 – Gentoo Linux Security Advisory 201603-06
https://notcve.org/view.php?id=CVE-2014-5271
03 Nov 2014 — Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función encode_slice en libavcodec/proresenc_kostya.c en FFMpeg anterior a 1.1.14, 1.2.x anterior a 1.2.8, 2.x anterior a 2.2.7, y 2.3.x... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=52b81ff4635c077b2bc8b8d3637d933b6629d803 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 1CVE-2014-4609 – Mandriva Linux Security Advisory 2014-129
https://notcve.org/view.php?id=CVE-2014-4609
09 Jul 2014 — Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. Un desbordamiento de enteros en la función get_len en el archivo libavutil/lzo.c en Libav versiones anteriores a 0.8.13, versiones 9.x anteriores a 9.14 y versiones 10.x anteriores a 10.2, permite a atacantes remotos ejecutar código arbitrario por medio de una Ejecución Literal diseñada. Multiple unspecified vul... • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 10%CPEs: 13EXPL: 0CVE-2014-3984 – Ubuntu Security Notice USN-2244-1
https://notcve.org/view.php?id=CVE-2014-3984
06 Jun 2014 — Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. Múltiples vulnerabilidades no especificadas en Libav anterior a 0.8.12 permiten a atacantes remotos tener impacto y vectores desconocidos. It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privi... • http://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v0.8.12 •
CVSS: 10.0EPSS: 0%CPEs: 95EXPL: 0CVE-2011-3937 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3937
05 Jan 2013 — The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." El codificador-decodificador H.263 (libavcodec/h263dec.c) en FFmpeg versión 0.7.x anterior a 0.7.12, versión 0.8.x anterior a 0.8.11, y versiones no específicas anterior a 0.10, y en Libav v... • http://ffmpeg.org/security.html •
CVSS: 10.0EPSS: 3%CPEs: 88EXPL: 0CVE-2012-5144 – Gentoo Linux Security Advisory 201406-28
https://notcve.org/view.php?id=CVE-2012-5144
12 Dec 2012 — Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN." Google Chrome antes 23.0.1271.97 no realiza correctamente la decodificación AAC, que permite a atacantes remotos provocar una denegación de servicio (corrupción de pila ... • http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •