CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4705
https://notcve.org/view.php?id=CVE-2010-4705
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. Desbordamiento de entero en la función vorbis_residue_decode_internal de libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg, posiblemente 0.6. Tiene un impacto sin especificar y vectores de ataque remotos, relacionado con el tamaño de determinados tipos de dato entero. NOTA: se puede sobrelapar con la vulnerabilidad CVE-2011-0480. • http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e http://secunia.com/advisories/43323 http://www.debian.org/security/2011/dsa-2165 http://www.securityfocus.com/bid/46294 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 19%CPEs: 17EXPL: 1CVE-2010-4704
https://notcve.org/view.php?id=CVE-2010-4704
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero .ogg modificado, relacionado con la función vorbis_floor0_decode. NOTA: se puede sobrelapar con la vulnerabilidad CVE-2011-0480. • http://ffmpeg.mplayerhq.hu http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078 http://secunia.com/advisories/43323 http://www.debian.org/security/2011/dsa-2165 http://www.debian.org/security/2011/dsa-2306 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 http://www.mandriva.com/security/advisories? • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 4%CPEs: 109EXPL: 0CVE-2010-3429
https://notcve.org/view.php?id=CVE-2010-3429
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." flicvideo.c en libavcodec 0.6 y versiones anteriores en FFmpeg, tal como es usado en MPlayer y otros productos, permite a atacantes remotos ejecutar código de su elección mediante un fichero flic manipulado, relacionado con una "arbitrary offset dereference vulnerability." • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b http://secunia.com/advisories/41626 http://secunia.com/advisories/43323 http://www.debian.org/security/2011/dsa-2165 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 http://www.mandriva.com/security/advisories? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2009-4639
https://notcve.org/view.php?id=CVE-2009-4639
The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. La funcion av_rescale_rnd en AVI demuxer en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) a través de un fichero AVI manipulado que inicia un error de división por cero. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/39482 http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories? • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2009-4634
https://notcve.org/view.php?id=CVE-2009-4634
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. Múltiples desbordamientos de entero en FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un fichero manipulado que (1) evita la comprobación de vorbis_dec.c e inicia un cruce del puntero de la pila, o (2) un acceso a un puntero fuera del rango de la memoria en mov.c, relacionado con el tag elst que aparece antes de un tag y crea un stream. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:059 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http&# • CWE-189: Numeric Errors •