CVSS: 6.5EPSS: 8%CPEs: 2EXPL: 1CVE-2017-9608 – Debian Security Advisory 3957-1
https://notcve.org/view.php?id=CVE-2017-9608
28 Aug 2017 — The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. El decodificador dnxhd en FFmpeg, en versiones anteriores a la 3.2.6 y versiones 3.3.x anteriores a la 3.3.3, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante un archivo mov manipulado. Several vulnerabilities have been discovered in FFmpeg, a multimedia player, ... • https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 33%CPEs: 14EXPL: 1CVE-2016-10190
https://notcve.org/view.php?id=CVE-2016-10190
09 Feb 2017 — Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. Desbordamiento de búfer basado en memoria dinámica en libavformat/http.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a servidores web rem... • https://github.com/muzalam/FFMPEG-exploit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 19%CPEs: 14EXPL: 1CVE-2016-10191
https://notcve.org/view.php?id=CVE-2016-10191
09 Feb 2017 — Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. Desbordamiento de búfer basado en memoria dinámica en libavformat/rtmppkt.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite... • https://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 68%CPEs: 10EXPL: 1CVE-2016-5198 – Google Chromium V8 Out-of-Bounds Memory Vulnerability
https://notcve.org/view.php?id=CVE-2016-5198
08 Nov 2016 — A heap-corruption issue was discovered in FFmpeg. • http://rhn.redhat.com/errata/RHSA-2016-2672.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 57%CPEs: 84EXPL: 2CVE-2016-1897 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2016-1897
15 Jan 2016 — FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. FFmpeg 2.x permite a atacantes remotos llevar a cabo ataques de origen cruzado y leer archivos arbitrarios usando el protocolo concat en un archivo HTTP Live Streaming (HLS) M3U8, dando lugar a una petición HTTP externa en la que la ... • http://habrahabr.ru/company/mailru/blog/274855 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 33%CPEs: 84EXPL: 1CVE-2016-1898 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2016-1898
15 Jan 2016 — FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. FFmpeg 2.x permite a atacantes remotos llevar a cabo ataques de origen cruzado y leer archivos arbitrarios usando el protocolo subfile en un archivo HTTP Live Streaming (HLS) M3U8, dando lugar a una petición HTTP externa en la qu... • http://habrahabr.ru/company/mailru/blog/274855 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 1CVE-2014-9676 – Gentoo Linux Security Advisory 201606-09
https://notcve.org/view.php?id=CVE-2014-9676
28 Feb 2015 — The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. La función seg_write_packet en libavformat/segment.c en ffmpeg 2.1.4 y anteriores no libera la localización de memoria correcta, lo que permite a atacantes remotos causar una denegación de servicio ... • http://seclists.org/oss-sec/2015/q1/38 •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 2CVE-2014-4610 – Mandriva Linux Security Advisory 2014-129
https://notcve.org/view.php?id=CVE-2014-4610
09 Jul 2014 — Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. ... Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to in decode_ac_filter, and (3) too many bits in decode_channel_residues(). libavcodec/wma... • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 1CVE-2014-4609 – Mandriva Linux Security Advisory 2014-129
https://notcve.org/view.php?id=CVE-2014-4609
09 Jul 2014 — Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to in decode_ac_filter, and (3) too many bits in decode_channel_residues(). libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted WMA data. The msrle_decode_frame function in libavcodec/m... • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2012-6616
https://notcve.org/view.php?id=CVE-2012-6616
24 Dec 2013 — The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. La función mov_text_decode_frame en libavcodec/movtextdec.c en FFmpeg anteriores a 1.0.2 permite a atacantes remotos causar denegación de servicio (lectura fuera de límites y caída) a través de datos 3GPP TS 26.245 manipulados. • p=ffmpeg.git%3Ba=commitdiff%3Bh=68e48ed72e0597ae61bc3e9e6e6d9edcb1a00073 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •