Vulnerabilities > Ffmpeg > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-31 | CVE-2017-14056 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. | 6.5 |
| 2017-08-31 | CVE-2017-14055 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. | 6.5 |
| 2017-08-31 | CVE-2017-14054 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 6.5 |
| 2016-12-23 | CVE-2016-9561 | Resource Management Errors vulnerability in Ffmpeg The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | 5.5 |
| 2016-12-23 | CVE-2016-8595 | Improper Input Validation vulnerability in Ffmpeg The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 5.5 |
| 2016-12-23 | CVE-2016-7905 | NULL Pointer Dereference vulnerability in Ffmpeg The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | 5.5 |
| 2016-12-23 | CVE-2016-7785 | Improper Input Validation vulnerability in Ffmpeg The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 5.5 |
| 2016-12-23 | CVE-2016-7562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | 5.5 |
| 2016-12-23 | CVE-2016-7555 | Information Exposure vulnerability in Ffmpeg The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | 5.5 |
| 2016-12-23 | CVE-2016-7122 | Resource Management Errors vulnerability in Ffmpeg The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | 5.5 |