Vulnerabilities > Ffmpeg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-02-10 | CVE-2009-4637 | Buffer Errors vulnerability in Ffmpeg 0.5 FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. | 10.0 |
| 2010-02-10 | CVE-2009-4636 | Code Injection vulnerability in Ffmpeg 0.5 FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. | 4.3 |
| 2010-02-10 | CVE-2009-4635 | Code Injection vulnerability in Ffmpeg 0.5 FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. | 9.3 |
| 2010-02-10 | CVE-2009-4634 | Numeric Errors vulnerability in Ffmpeg 0.5 Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. | 10.0 |
| 2010-02-10 | CVE-2009-4633 | Numeric Errors vulnerability in Ffmpeg 0.5 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. | 10.0 |
| 2010-02-10 | CVE-2009-4632 | Numeric Errors vulnerability in Ffmpeg 0.5 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. | 5.8 |
| 2010-02-10 | CVE-2009-4631 | Numeric Errors vulnerability in Ffmpeg 0.5 Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. | 9.3 |
| 2008-11-01 | CVE-2008-4869 | Resource Management Errors vulnerability in Ffmpeg FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | 10.0 |
| 2008-11-01 | CVE-2008-4868 | Remote Security vulnerability in FFmpeg Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | 10.0 |
| 2008-11-01 | CVE-2008-4867 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. | 10.0 |