CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2009-4634 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4634
10 Feb 2010 — Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. Múltiples desbordamientos de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 9%CPEs: 1EXPL: 1CVE-2009-4635 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4635
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un contenedor MOV con tag impropi... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4636 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4636
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (colgado) a través de un fichero manipulado que inicia un bucle infinito. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 33%CPEs: 1EXPL: 2CVE-2009-4637 – FFmpeg 0.5 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4637
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores desconocidos que inicia un desbordamiento de búfer basado en pila. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted executi... • https://www.exploit-db.com/exploits/33233 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2009-4638 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4638
10 Feb 2010 — Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Desbordamiento de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente una ejecución de código arbitrario a través de vectores desconocidos. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4640 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4640
10 Feb 2010 — Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. Error de indexación de array en vorbis_dec.c in FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar y posiblemente ejecutar código arbitrario a través de un fichero Vorbis manipulado que inicia una lectura fuera de rango. Multiple vulnerabilities were found in FFm... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 4%CPEs: 1EXPL: 1CVE-2009-4639 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4639
10 Feb 2010 — The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. La funcion av_rescale_rnd en AVI demuxer en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) a través de un fichero AVI manipulado que inicia un error de división por cero. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted ex... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 11%CPEs: 9EXPL: 0CVE-2009-0385
https://notcve.org/view.php?id=CVE-2009-0385
02 Feb 2009 — Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Error de presencia de signo en entero en la función fourxm_read_header en libavformat/4xm.c en FFmpeg versiones anteriores a revision 16846 permite a atacantes remotos ejecutar código de su elección a través de un fichero de vídeo 4X malforma... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 •
CVSS: 10.0EPSS: 7%CPEs: 15EXPL: 3CVE-2008-4866
https://notcve.org/view.php?id=CVE-2008-4866
31 Oct 2008 — Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. Múltiples desbordamientos de búfer en libavformat/utils.c en FFmpeg 0.4.9 antes de r14715, como lo usa MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con código de generación de DTS c... • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 15EXPL: 0CVE-2008-4867
https://notcve.org/view.php?id=CVE-2008-4867
31 Oct 2008 — Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Desbordamiento de búfer en libavcodec/dca.c en FFmpeg 0.4.9 antes de r14917, como es usado por MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con un valor DCA_MAX_FRAME_SIZE incorrecto. • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •