CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4636 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4636
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (colgado) a través de un fichero manipulado que inicia un bucle infinito. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 33%CPEs: 1EXPL: 2CVE-2009-4637 – FFmpeg 0.5 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4637
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores desconocidos que inicia un desbordamiento de búfer basado en pila. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted executi... • https://www.exploit-db.com/exploits/33233 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2009-4638 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4638
10 Feb 2010 — Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Desbordamiento de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente una ejecución de código arbitrario a través de vectores desconocidos. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4640 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4640
10 Feb 2010 — Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. Error de indexación de array en vorbis_dec.c in FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar y posiblemente ejecutar código arbitrario a través de un fichero Vorbis manipulado que inicia una lectura fuera de rango. Multiple vulnerabilities were found in FFm... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 4%CPEs: 1EXPL: 1CVE-2009-4639 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4639
10 Feb 2010 — The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. La funcion av_rescale_rnd en AVI demuxer en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) a través de un fichero AVI manipulado que inicia un error de división por cero. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted ex... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 11%CPEs: 9EXPL: 0CVE-2009-0385
https://notcve.org/view.php?id=CVE-2009-0385
02 Feb 2009 — Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Error de presencia de signo en entero en la función fourxm_read_header en libavformat/4xm.c en FFmpeg versiones anteriores a revision 16846 permite a atacantes remotos ejecutar código de su elección a través de un fichero de vídeo 4X malforma... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 •
CVSS: 10.0EPSS: 7%CPEs: 15EXPL: 3CVE-2008-4866
https://notcve.org/view.php?id=CVE-2008-4866
31 Oct 2008 — Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. Múltiples desbordamientos de búfer en libavformat/utils.c en FFmpeg 0.4.9 antes de r14715, como lo usa MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con código de generación de DTS c... • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 15EXPL: 0CVE-2008-4867
https://notcve.org/view.php?id=CVE-2008-4867
31 Oct 2008 — Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Desbordamiento de búfer en libavcodec/dca.c en FFmpeg 0.4.9 antes de r14917, como es usado por MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con un valor DCA_MAX_FRAME_SIZE incorrecto. • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4868
https://notcve.org/view.php?id=CVE-2008-4868
31 Oct 2008 — Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." Vulnerabilidad no especificada en la función avcodec_close en libavcodec/utils.c en FFmpeg 0.4.9 antes de r14787, como lo usa MPlayer, tiene un impacto y vectores de ataque desconocidos, relacionado con una liberación de "punteros aleatorios". • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html •
CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 0CVE-2008-4869
https://notcve.org/view.php?id=CVE-2008-4869
31 Oct 2008 — FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." FFmpeg 0.4.9, del modo que lo usa MPlayer, permite a atacantes dependientes del contexto provocar una denegación de servicio (agotamiento de memoria) mediante vectores desconocidos, también conocido como "Tcp/udp memory leak (fuga de memoria tcp/udp)". • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html • CWE-399: Resource Management Errors •