CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6822
https://notcve.org/view.php?id=CVE-2015-6822
06 Sep 2015 — The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. Vulnerabilidad en la función destroy_buffers en libavcodec/sanm.c en FFmpeg en versiones anteriores a 2.7.2, no mantiene correctamente los valores de alto y ancho en el contexto ... • http://ffmpeg.org/security.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6823
https://notcve.org/view.php?id=CVE-2015-6823
06 Sep 2015 — The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. Vulnerabilidad en la función allocate_buffers en libavcodec/alac.c en FFmpeg en versiones anteriores a 2.7.2, no inicializa ciertos datos de contexto, lo que permite a atacantes remotos causar una denegación de servici... • http://ffmpeg.org/security.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6824 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-6824
06 Sep 2015 — The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. Vulnerabilidad en la función sws_init_context en libswscale/utils.c en FFmpeg en versiones anteriores a 2.7.2, no inicializa ciertas estructuras de datos pixbuf, lo que permite a atacantes remotos causar una denegación de servicio (vio... • http://ffmpeg.org/security.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6825
https://notcve.org/view.php?id=CVE-2015-6825
06 Sep 2015 — The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. Vulnerabilidad en la función ff_frame_thread_init en libavcodec/pthread_frame.c en FFmpeg en versiones anteriores a 2.7.2, no maneja correctamente ciertos fallos de asignación de memoria, lo que permi... • http://ffmpeg.org/security.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6826 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-6826
06 Sep 2015 — The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. Vulnerabilidad en la función ff_rv34_decode_init_thread_copy en libavcodec/rv34.c en FFmpeg en versiones anteriores a 2.7.2, no inicializa ciertos miembros de estructura, lo que permite a atacantes rem... • http://ffmpeg.org/security.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1872 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-1872
26 Jul 2015 — The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. Vulnerabilidad en la función ff_mjpeg_decode_sof en libavcodec/mjpegdec.c en FFmpeg en versiones anteriores a 2.5.4, no valida el número de componentes en un segmento de JPEG-LS Start Of Fram... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=fabbfaa095660982cc0bc63242c459561fa37037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 38EXPL: 0CVE-2015-3395 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2015-3395
15 Jun 2015 — The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. La función msrle_decode_pal4 en msrledec.c en Libav anterior a 10.7 y 11.x anterior a 11.4 y FFmpeg anterior a 2.0.7, 2.2.x anterior a 2.2.15, 2.4.x anterior a 2.4.8, 2.5... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3417 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2015-3417
24 Apr 2015 — Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. Vulnerabilidad de uso después de liberación en la función ff_h264_free_tables en libavcodec/h264.c en FFmpeg anterior a 2.3.6 permite a atacantes remotos causar una denegación de servicio o posiblemen... • http://seclists.org/fulldisclosure/2015/Apr/31 •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2014-7933 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7933
22 Jan 2015 — Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. Vulnerabilidad de uso después de liberación en la función matroska_read_seek en libavformat/matroskadec.c en FFmpeg anterior a 2.5.1, utilizado en Google Chrome anterior a 40.... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=490a3ebf36821b81f73e34ad3f554cb523dd2682 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2014-7937 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7937
22 Jan 2015 — Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. Múltiples errores de superación de límite (off-by-one) en libavcodec/vorbisdec.c en FFmpeg anterior a 2.4.2, utilizado en Google Chrome anterior a 40.0.2214.91, permiten a atacantes remotos causar una denegación de servicio (uso después de liberación)... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •