Vulnerabilities > Ffmpeg > Ffmpeg > 0.10.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-12 | CVE-2016-2327 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. | 8.8 |
2016-02-12 | CVE-2016-2326 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. | 8.8 |
2016-02-03 | CVE-2016-2213 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | 6.5 |
2015-12-24 | CVE-2015-8662 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | 7.3 |
2015-12-24 | CVE-2015-8661 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | 8.3 |
2015-02-28 | CVE-2014-9676 | Denial-Of-Service vulnerability in FFmpeg The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. network ffmpeg | 6.8 |
2013-12-09 | CVE-2013-7024 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | 6.8 |
2013-12-09 | CVE-2013-7023 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | 6.8 |
2013-12-09 | CVE-2013-7022 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | 6.8 |
2013-12-09 | CVE-2013-7021 | Resource Management Errors vulnerability in Ffmpeg The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data. | 6.8 |