CVSS: 8.8EPSS: 0%CPEs: 59EXPL: 0CVE-2013-2496
https://notcve.org/view.php?id=CVE-2013-2496
09 Mar 2013 — The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. La función msrle_decode_8_16_24_32 en msrledec.c en libavcodec en FFmpeg a través de v1.1.3 no trata correctamente ciertos punteros, lo que permite a atacantes remotos provocar una denegaci... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e398990eb87785e20e065cd3f14d1dbb69df4392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 58EXPL: 0CVE-2013-2276
https://notcve.org/view.php?id=CVE-2013-2276
27 Feb 2013 — The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. La función avcodec_decode_audio4 de utils.c en libavcodec de FFmpeg antes de v1.1.3 no comprueba el estado de decodificación antes de proceder a determinadas operaciones ... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8a6449167a6da8cb747cfe3502ae86ffaac2ed48 •
CVSS: 8.8EPSS: 0%CPEs: 58EXPL: 0CVE-2013-2277
https://notcve.org/view.php?id=CVE-2013-2277
27 Feb 2013 — The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. La función ff_h264_decode_seq_parameter_set de h264_ps.c en libavcodec de FFmpeg antes de v1.1.3 no realiza la validación de relaciones entre "luma depth" y "chroma dep... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-0894 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2013-0894
23 Feb 2013 — Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. Desbordamiento de búfer en la función vorbis_par... • http://git.chromium.org/gitweb/?p=chromium/deps/ffmpeg.git%3Ba=commit%3Bh=e1e70d9bb9852b7d099379afc95531a632a20ba5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 95EXPL: 0CVE-2011-3937 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2011-3937
05 Jan 2013 — The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." El codificador-decodificador H.263 (libavcodec/h263dec.c) en FFmpeg versión 0.7.x anterior a 0.7.12, versión 0.8.x anterior a 0.8.11, y versiones no específicas anterior a 0.10, y en Libav v... • http://ffmpeg.org/security.html •
CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2012-2772 – Gentoo Linux Security Advisory 201406-28
https://notcve.org/view.php?id=CVE-2012-2772
10 Sep 2012 — Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading." Vulnerabilidad no especificada en la función ff_rv34_decode_frame en libavcodec/rv34.c en FFmpeg anterior a v0.11 tiene un impacto desconocido y vectores de ataque, relacionado con "width/height cambiando con el marco threading". Multiple vulnerabilities w... • http://ffmpeg.org/security.html •
CVSS: 6.5EPSS: 1%CPEs: 54EXPL: 0CVE-2012-2774 – Gentoo Linux Security Advisory 201310-12
https://notcve.org/view.php?id=CVE-2012-2774
10 Sep 2012 — The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state." La función ff_MPV_frame_start en libavcodec/mpegvideo.c en FFmpeg anterior a v0.11 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, se refieren a iniciar "un marco fuera de estado de configuración." Multip... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2012-2775 – Gentoo Linux Security Advisory 201406-28
https://notcve.org/view.php?id=CVE-2012-2775
10 Sep 2012 — Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof." Una vulnerabilidad no especificada en la función read_var_block_data en libavcodec/alsdec.c en FFmpeg antes de v0.11 tiene un impacto y vectores de ataque desconocidos. Se trata de un problema relacionado con un pedido grande y una "escritura fu... • http://ffmpeg.org/security.html •
CVSS: 10.0EPSS: 0%CPEs: 59EXPL: 0CVE-2012-2776 – Gentoo Linux Security Advisory 201406-28
https://notcve.org/view.php?id=CVE-2012-2776
10 Sep 2012 — Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write." Vulnerabilidad no especificada en la función decode_cell_data en libavcodec/indeo3.c en FFmpeg anterior a v0.11 tiene un impacto desconocido y vectores de ataque, relacionado con un "fuera de grabación de imágenes." Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote ... • http://ffmpeg.org/security.html •
CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2012-2777 – Gentoo Linux Security Advisory 201406-28
https://notcve.org/view.php?id=CVE-2012-2777
10 Sep 2012 — Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784. Vulnerabilidad no especificada en la función decode_pic en libavcodec/cavsdec.c en FFmpeg anterior a v0.11 tiene un impacto desconocido y vectores de ataque, relacionado con "width/height cambiando en CAVS", una vulnerabilidad dif... • http://ffmpeg.org/security.html •