CVSS: 8.8EPSS: 1%CPEs: 62EXPL: 0CVE-2011-3952 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3952
14 Jun 2012 — The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. La función decode_init en kmvc.c en libavcodec de FFmpeg antes de v0.10 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.6, y v0.8.x antes de v0.8.1 permite... • http://ffmpeg.org • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 33EXPL: 0CVE-2012-0858 – Gentoo Linux Security Advisory 201210-06
https://notcve.org/view.php?id=CVE-2012-0858
15 May 2012 — The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". El codec Shorten (shorten.c) en libavcodec de FFmpeg en v0.7.x antes de v0.7.12 y v0.8.x antes de v0.8.11, y en Libav v0.5.x antes de v0.5.9, v0.6.x ... • http://ffmpeg.org • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 95EXPL: 0CVE-2011-3937 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3937
15 May 2012 — The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." El codificador-decodificador H.263 (libavcodec/h263dec.c) en FFmpeg versión 0.7.x anterior a 0.7.12, versión 0.8.x anterior a 0.8.11, y versiones no específicas anterior a 0.10, y en Libav v... • http://ffmpeg.org/security.html •
CVSS: 8.8EPSS: 2%CPEs: 40EXPL: 0CVE-2011-3945 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3945
15 May 2012 — The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. La función decode_frame en el decodificador KVG1 (kgv1dec.c) en libavcodec en FFmpeg v0.7.x anterior a v0.7.12 y v0.8.x anterior a v0.8.11, y en Libav v0.5.x anterio... • http://ffmpeg.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 40EXPL: 1CVE-2012-0853 – Gentoo Linux Security Advisory 201210-06
https://notcve.org/view.php?id=CVE-2012-0853
14 May 2012 — The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. La función decodeTonalComponents en el codec Actrac3 (atrac3.c) en libavcodec de FFmpeg v0.7.x antes de v0.7.12, y v... • http://ffmpeg.org/trac/ffmpeg/ticket/780 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 33EXPL: 0CVE-2011-3929 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3929
14 May 2012 — The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file. La función avpriv_dv_produce_packet en libavcodec de FFmpeg v0.7.x antes de v0.7.12 y y v0.8.x antes de v0.8.11 en Libav v0.5.x antes de v0.5.9, v0.6... • http://ffmpeg.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 41EXPL: 0CVE-2011-3936 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3936
14 May 2012 — The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. La función dv_extract_audio en libavcodec de FFmpeg en v0.7.x antes de v0.7.12 y v0.8.x antes de y v0.8.11 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x a... • http://ffmpeg.org • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 33EXPL: 0CVE-2011-3940 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3940
14 May 2012 — nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams." nsvdec.c en libavcodec de FFmpeg en v0.7.x antes de v0.7.12 y v0.8.x antes de v0.8.11, y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes ... • http://ffmpeg.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 33EXPL: 0CVE-2011-3947 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3947
14 May 2012 — Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. Un desbordamiento de búfer en mjpegbdec.c en libavcodec en FFmpeg v0.7.x antes de v0.7.12 y v0.8.x antes de v0.8.11, y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes d... • http://ffmpeg.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4031 – Ubuntu Security Notice USN-1478-1
https://notcve.org/view.php?id=CVE-2011-4031
09 May 2012 — Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. Desbordamiento de entero en la función asfrtp_parse_packet en libavformat/rtpdec_asf.c en FFmpeg antes de v0.8.3, permite a atacantes remotos ejecutar secuencias de comandos a través de un paquete ASF manipulado. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user w... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c2a2ad133eb9d42361804a568dee336992349a5e • CWE-191: Integer Underflow (Wrap or Wraparound) •