CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 0CVE-2012-0850
https://notcve.org/view.php?id=CVE-2012-0850
20 Aug 2012 — The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. La función sbr_qmf_synthesis en libavcodec/aacsbr.c en FFmpeg antes de v0.9.1 permite a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) a través de un archivo debidamente modificado que provoca daños en la memoria... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 43EXPL: 1CVE-2012-0856
https://notcve.org/view.php?id=CVE-2012-0856
20 Aug 2012 — Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. Desbordamiento de búfer basado en memoria dinámica en la función MPV_frame_start en libavcodec/mpegvideo.c en FFmpeg anterior a v0.9.1, cuando la opción (lowres) está activada, permite a atacantes remo... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2012-0847
https://notcve.org/view.php?id=CVE-2012-0847
20 Aug 2012 — Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función avfilter_filter_samples en libavfilter/avfilter.c en FFmpeg antes de v0.9.1 permite a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) a través de un archivo debidamente modificado. • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 0CVE-2012-0857
https://notcve.org/view.php?id=CVE-2012-0857
20 Aug 2012 — Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de búfer en la función get_qcs en J2K decoder (j2kdec.c) en libavcode en FFmpeg anterior a v0.9.1 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de vectores no especificados. • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 37EXPL: 0CVE-2011-3951 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3951
20 Aug 2012 — The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file. La función dpcm_decode_frame en dpcm.c en libavcodec de FFmpeg antes de v0.10 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6 y v0.8.x antes de v0.8.1 ... • http://ffmpeg.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 62EXPL: 0CVE-2011-3952 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3952
20 Aug 2012 — The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. La función decode_init en kmvc.c en libavcodec de FFmpeg antes de v0.10 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6, y v0.8.x antes de v0.8.1 permite... • http://ffmpeg.org • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 14EXPL: 0CVE-2012-0859
https://notcve.org/view.php?id=CVE-2012-0859
20 Aug 2012 — The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. La función render_line en el codec Vorbis (vorbis.c) en libavcodec de FFmpeg antes de v0.9.1 permite a atacantes remotos provocar una denegación de servicio (por caída de l... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 38EXPL: 0CVE-2012-0851
https://notcve.org/view.php?id=CVE-2012-0851
20 Aug 2012 — The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value. La función ff_h264_decode_seq_parameter_set en h264_ps.c en libavcodec en FFmpeg antes de v0.9.1 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes ... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 38EXPL: 0CVE-2012-0852
https://notcve.org/view.php?id=CVE-2012-0852
20 Aug 2012 — The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. La función adpcm_decode_frame en adpcm.c en libavcodec de FFmpeg antes en v0.9.1 y v0.5.x antes en Libav v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6, y ... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2011-4031
https://notcve.org/view.php?id=CVE-2011-4031
09 May 2012 — Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. Desbordamiento de entero en la función asfrtp_parse_packet en libavformat/rtpdec_asf.c en FFmpeg antes de v0.8.3, permite a atacantes remotos ejecutar secuencias de comandos a través de un paquete ASF manipulado. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c2a2ad133eb9d42361804a568dee336992349a5e • CWE-191: Integer Underflow (Wrap or Wraparound) •