CVE-2018-6912
https://notcve.org/view.php?id=CVE-2018-6912
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. La función decode_plane en libavcodec/utvideodec.c en FFmpeg hasta la versión 3.4.2 permite a atacantes remotos causar una denegación de servicio (lectura fuera de array) utilizando un archivo AVI manipulado. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed https://security.gentoo.org/glsa/202003-65 • CWE-125: Out-of-bounds Read •
CVE-2018-6392
https://notcve.org/view.php?id=CVE-2018-6392
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. La función filter_slice en libavfilter/vf_transpose.c en FFmpeg hasta la versión 3.4.1 permite a atacantes remotos causar una denegación de servicio (acceso fuera de array) utilizando un archivo MP4 manipulado. • http://www.securityfocus.com/bid/102848 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235 https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html https://www.debian.org/security/2018/dsa-4249 • CWE-125: Out-of-bounds Read •
CVE-2017-17555
https://notcve.org/view.php?id=CVE-2017-17555
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. La función swri_audio_convert en audioconvert.c en FFmpeg libswresample hasta 3.0.101, tal y como se emplea en FFmpeg 3.4.1, aubio 0.4.6 y otros productos, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) mediante un archivo de audio manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference%28DoS%29%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md • CWE-476: NULL Pointer Dereference •
CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •