CVSS: 7.5EPSS: 0%CPEs: 105EXPL: 0CVE-2014-8545
https://notcve.org/view.php?id=CVE-2014-8545
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. libavcodec/pngdec.c en FFmpeg anterior a 2.4.2 acepta el formato de negro monocromo sin verificar que el valor bits-per-pixel sea 1, lo que permite a atacantes remotos causar una denegación de servicio (acceso fuera de rango) o posiblemente tener otro impacto no especificado a través de datos PNG manipulados. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 http://www.ffmpeg.org/security.html https://security.gentoo.org/glsa/201603-06 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •