CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2009-4632 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4632
10 Feb 2010 — oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. oggparsevorbis.c en FFmpeg v0.5 no realiza correctamente cierto puntero aritmético, lo que permite a atacantes remotos obtener información de contenidos sensibles de memoria y producir una denegación de servicio a través de un fichero que inicia una lectura fuera de ran... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2009-4634 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4634
10 Feb 2010 — Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. Múltiples desbordamientos de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 15%CPEs: 1EXPL: 2CVE-2009-4637 – FFmpeg 0.5 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4637
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores desconocidos que inicia un desbordamiento de búfer basado en pila. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted executi... • https://www.exploit-db.com/exploits/33233 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2009-4636 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4636
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (colgado) a través de un fichero manipulado que inicia un bucle infinito. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 1CVE-2009-4635 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4635
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un contenedor MOV con tag impropi... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2009-4633 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4633
10 Feb 2010 — vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. vorbis_dec.c en FFmpeg v0.5 utiliza un operador de asignación cuando el generador estaba destinado a una comparación, lo que permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar codigo arbit... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2009-4638 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4638
10 Feb 2010 — Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Desbordamiento de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente una ejecución de código arbitrario a través de vectores desconocidos. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 45%CPEs: 9EXPL: 0CVE-2009-0385
https://notcve.org/view.php?id=CVE-2009-0385
02 Feb 2009 — Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Error de presencia de signo en entero en la función fourxm_read_header en libavformat/4xm.c en FFmpeg versiones anteriores a revision 16846 permite a atacantes remotos ejecutar código de su elección a través de un fichero de vídeo 4X malforma... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4867
https://notcve.org/view.php?id=CVE-2008-4867
31 Oct 2008 — Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Desbordamiento de búfer en libavcodec/dca.c en FFmpeg 0.4.9 antes de r14917, como es usado por MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con un valor DCA_MAX_FRAME_SIZE incorrecto. • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4869
https://notcve.org/view.php?id=CVE-2008-4869
31 Oct 2008 — FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." FFmpeg 0.4.9, del modo que lo usa MPlayer, permite a atacantes dependientes del contexto provocar una denegación de servicio (agotamiento de memoria) mediante vectores desconocidos, también conocido como "Tcp/udp memory leak (fuga de memoria tcp/udp)". • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-399: Resource Management Errors •