CVSS: 10.0EPSS: 1%CPEs: 20EXPL: 0CVE-2011-2162
https://notcve.org/view.php?id=CVE-2011-2162
20 May 2011 — Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." Múltiples vulnerabilidades no especificadas en FFmpeg v0.4.x hasta v0.6.x, tal como se utiliza en MPlayer v1.0 y otros productos, en Mandriva Linux v2009.0, v2010.0 y... • http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2010-3908 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2010-3908
20 May 2011 — FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. FFmpeg antes de v0.5.4, tal como se utiliza en MPlayer y otros productos, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código de su elección a través de un formato incorrecto de archivo WMV. Multiple vu... • http://ffmpeg.mplayerhq.hu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 4%CPEs: 17EXPL: 1CVE-2010-4704 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2010-4704
22 Jan 2011 — libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero .ogg modificado, relacionado con la función vorbis_floor0_decode... • http://ffmpeg.mplayerhq.hu • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4705 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2010-4705
22 Jan 2011 — Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. Desbordamiento de entero en la función vorbis_residue_decode_internal de libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg, posiblemente 0.6. Tiene un impacto sin especificar y vectores de ataque remotos, relacionado con el... • http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 5%CPEs: 109EXPL: 0CVE-2010-3429 – Gentoo Linux Security Advisory 201310-13
https://notcve.org/view.php?id=CVE-2010-3429
30 Sep 2010 — flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." flicvideo.c en libavcodec 0.6 y versiones anteriores en FFmpeg, tal como es usado en MPlayer y otros productos, permite a atacantes remotos ejecutar código de su elección mediante un fichero flic manipulado, relacionado con una "arbitrary offset dereference vulnerability." Multiple vu... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 1CVE-2009-4631 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4631
10 Feb 2010 — Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. Error de superación de límite (Off-by-one) en el decodificador VP3 en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un fichero VP3 manipulado que inicia una lectura fuera de rango y posiblem... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4632 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4632
10 Feb 2010 — oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. oggparsevorbis.c en FFmpeg v0.5 no realiza correctamente cierto puntero aritmético, lo que permite a atacantes remotos obtener información de contenidos sensibles de memoria y producir una denegación de servicio a través de un fichero que inicia una lectura fuera de ran... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2009-4633 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4633
10 Feb 2010 — vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. vorbis_dec.c en FFmpeg v0.5 utiliza un operador de asignación cuando el generador estaba destinado a una comparación, lo que permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar codigo arbit... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2009-4634 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4634
10 Feb 2010 — Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. Múltiples desbordamientos de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 9%CPEs: 1EXPL: 1CVE-2009-4635 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4635
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un contenedor MOV con tag impropi... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •