Vulnerabilities > Ffmpeg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-23 | CVE-2016-7502 | Out-of-bounds Read vulnerability in Ffmpeg The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | 6.8 |
| 2016-12-23 | CVE-2016-7450 | Out-of-bounds Read vulnerability in Ffmpeg The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | 6.8 |
| 2016-12-23 | CVE-2016-7122 | Resource Management Errors vulnerability in Ffmpeg The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | 4.3 |
| 2016-12-23 | CVE-2016-6881 | Resource Management Errors vulnerability in Ffmpeg The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | 4.3 |
| 2016-12-23 | CVE-2016-6671 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | 6.8 |
| 2016-08-05 | CVE-2016-2839 | Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | 4.3 |
| 2016-06-16 | CVE-2016-3062 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | 8.8 |
| 2016-02-12 | CVE-2016-2330 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. | 8.8 |
| 2016-02-12 | CVE-2016-2329 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. | 8.8 |
| 2016-02-12 | CVE-2016-2328 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. | 8.8 |