CVSS: 10.0EPSS: 15%CPEs: 1EXPL: 2CVE-2009-4637 – FFmpeg 0.5 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4637
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores desconocidos que inicia un desbordamiento de búfer basado en pila. • https://www.exploit-db.com/exploits/33233 http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.securityfocus.com/bid/36465 http://www.ubuntu.com/usn/USN-931-1 http://www.vupen.com/english/advisories/2010/0935 https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2009-4638
https://notcve.org/view.php?id=CVE-2009-4638
Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Desbordamiento de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente una ejecución de código arbitrario a través de vectores desconocidos. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://www.debian.org/security/2010/dsa-2000 http://www.securityfocus.com/bid/36465 https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 1CVE-2009-4640
https://notcve.org/view.php?id=CVE-2009-4640
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. Error de indexación de array en vorbis_dec.c in FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar y posiblemente ejecutar código arbitrario a través de un fichero Vorbis manipulado que inicia una lectura fuera de rango. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?... name=MDVSA-2011:114 http://www.securityfocus.com/bid/36465 http://www.ubuntu.com/usn/USN-931-1 http://www.vupen.com/english/advisories/2010/0935 http://www.vupen.com/english/advisories/2011/1241& • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 3CVE-2008-4866
https://notcve.org/view.php?id=CVE-2008-4866
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. Múltiples desbordamientos de búfer en libavformat/utils.c en FFmpeg 0.4.9 antes de r14715, como lo usa MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con código de generación de DTS con un retraso mayor que MAX_REORDER_DELAY. • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://secunia.com/advisories/34845 http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.debian.org/security/2009/dsa-1782 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3230
https://notcve.org/view.php?id=CVE-2008-3230
The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. El FFmpeg lavf Demuxer permite atacantes, con la ayuda del usuario, provocar una denegación de servicio (con caída de aplicación) a través de un archivo GIF manipulado, posiblemente relacionado con gstreamer, como se demuestra con el fichero lol-giftopnm.gif. • name=MDVSA-2009:297 http://www.openwall.com/lists/oss-security/2008/07/13/3 http://www.securityfocus.com/bid/31234 https://exchange.xforce.ibmcloud.com/vulnerabilities/44210 https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530 • CWE-20: Improper Input Validation •