CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2010-3908 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2010-3908
20 May 2011 — FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. FFmpeg antes de v0.5.4, tal como se utiliza en MPlayer y otros productos, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código de su elección a través de un formato incorrecto de archivo WMV. Multiple vu... • http://ffmpeg.mplayerhq.hu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 4%CPEs: 17EXPL: 1CVE-2010-4704 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2010-4704
22 Jan 2011 — libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero .ogg modificado, relacionado con la función vorbis_floor0_decode... • http://ffmpeg.mplayerhq.hu • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4705 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2010-4705
22 Jan 2011 — Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. Desbordamiento de entero en la función vorbis_residue_decode_internal de libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg, posiblemente 0.6. Tiene un impacto sin especificar y vectores de ataque remotos, relacionado con el... • http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 5%CPEs: 109EXPL: 0CVE-2010-3429 – Gentoo Linux Security Advisory 201310-13
https://notcve.org/view.php?id=CVE-2010-3429
30 Sep 2010 — flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." flicvideo.c en libavcodec 0.6 y versiones anteriores en FFmpeg, tal como es usado en MPlayer y otros productos, permite a atacantes remotos ejecutar código de su elección mediante un fichero flic manipulado, relacionado con una "arbitrary offset dereference vulnerability." Multiple vu... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 1CVE-2009-4631 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4631
10 Feb 2010 — Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. Error de superación de límite (Off-by-one) en el decodificador VP3 en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un fichero VP3 manipulado que inicia una lectura fuera de rango y posiblem... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4632 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4632
10 Feb 2010 — oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. oggparsevorbis.c en FFmpeg v0.5 no realiza correctamente cierto puntero aritmético, lo que permite a atacantes remotos obtener información de contenidos sensibles de memoria y producir una denegación de servicio a través de un fichero que inicia una lectura fuera de ran... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2009-4633 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4633
10 Feb 2010 — vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. vorbis_dec.c en FFmpeg v0.5 utiliza un operador de asignación cuando el generador estaba destinado a una comparación, lo que permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar codigo arbit... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2009-4634 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4634
10 Feb 2010 — Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. Múltiples desbordamientos de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 9%CPEs: 1EXPL: 1CVE-2009-4635 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4635
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un contenedor MOV con tag impropi... • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 1CVE-2009-4636 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2009-4636
10 Feb 2010 — FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (colgado) a través de un fichero manipulado que inicia un bucle infinito. Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •