CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8662
https://notcve.org/view.php?id=CVE-2015-8662
24 Dec 2015 — The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. La función ff_dwt_decode en libavcodec/jpeg2000dwt.c en FFmpeg en versiones anteriores a la 2.8.4 no valida el número de niveles de descomposición antes de procede... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8218
https://notcve.org/view.php?id=CVE-2015-8218
17 Nov 2015 — The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. La función decode_uncompressed en libavcodec/faxcompr.c en FFmpeg en versiones anteriores a 2.8.2 no valida ejecuciones descomprimidas, lo que permite a atacantes remotos causar una denegación de servicio (acceso fuera de rango al array... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8219
https://notcve.org/view.php?id=CVE-2015-8219
17 Nov 2015 — The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. La función init_tile en libavcodec/jpeg2000dec.c en FFmpeg en versiones anteriores a 2.8.2 no hace cumplir las restricciones de valor mínimo y valor máximo en las coordenadas del recuadro, lo que pe... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=43492ff3ab68a343c1264801baa1d5a02de10167 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8217
https://notcve.org/view.php?id=CVE-2015-8217
17 Nov 2015 — The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. La función ff_hevc_parse_sps en libavcodec/hevc_ps.c en FFmpeg en versiones anteriores a 2.8.2 no valida el Chroma Format Indicator, lo que permite a atacantes remotos causar una denegación de servicio (... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=93f30f825c08477fe8f76be00539e96014cc83c8 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8216
https://notcve.org/view.php?id=CVE-2015-8216
17 Nov 2015 — The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. La función ljpeg_decode_yuv_scan en libavcodec/mjpegdec.c en FFmpeg en versiones anteriores a 2.8.2 omite cierta comprobación de anchura y altura, lo que permite a atacantes remotos causar una denegación de servicio (acceso fuera de ran... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d24888ef19ba38b787b11d1ee091a3d94920c76a • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6761 – chromium-browser: Memory corruption in FFMpeg
https://notcve.org/view.php?id=CVE-2015-6761
15 Oct 2015 — The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. La función update_dimensions en libavcodec/vp8.c en FFmpeg hasta la versión 2.8.1, como se utiliza en Google Chrome en versiones ante... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dabea74d0e82ea80cd344f630497cafcb3ef872c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6821
https://notcve.org/view.php?id=CVE-2015-6821
06 Sep 2015 — The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. Vulnerabilidad en la función ff_mpv_common_init en libavcodec/mpegvideo.c en FFmpeg en versiones anteriores a 2.7.2, no mantiene correctamente el contexto de codificación, lo que permite a atacantes remotos causar una denegación de s... • http://ffmpeg.org/security.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6823
https://notcve.org/view.php?id=CVE-2015-6823
06 Sep 2015 — The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. Vulnerabilidad en la función allocate_buffers en libavcodec/alac.c en FFmpeg en versiones anteriores a 2.7.2, no inicializa ciertos datos de contexto, lo que permite a atacantes remotos causar una denegación de servici... • http://ffmpeg.org/security.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6819
https://notcve.org/view.php?id=CVE-2015-6819
06 Sep 2015 — Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. Múltiples vulnerabilidades de desbordamiento inferior de entero en la función ff_mjpeg_decode_frame en libavcodec/mjpegdec.c en FFmpeg en versiones anteriores a 2.7.2, permite a atacantes remotos causar una denegación de servicio (acceso a array fuera... • http://ffmpeg.org/security.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6822
https://notcve.org/view.php?id=CVE-2015-6822
06 Sep 2015 — The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. Vulnerabilidad en la función destroy_buffers en libavcodec/sanm.c en FFmpeg en versiones anteriores a 2.7.2, no mantiene correctamente los valores de alto y ancho en el contexto ... • http://ffmpeg.org/security.html • CWE-17: DEPRECATED: Code •