Vulnerabilities > Ffmpeg > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-20 | CVE-2011-4353 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. | 4.3 |
| 2012-08-20 | CVE-2012-0857 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
| 2011-05-20 | CVE-2011-2161 | Resource Management Errors vulnerability in Ffmpeg The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. | 4.3 |
| 2011-05-20 | CVE-2011-0723 | Resource Management Errors vulnerability in multiple products FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. | 6.8 |
| 2011-05-20 | CVE-2011-0722 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | 6.8 |
| 2011-05-20 | CVE-2010-3908 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. | 6.8 |
| 2010-02-10 | CVE-2009-4640 | Numeric Errors vulnerability in Ffmpeg 0.5 Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. | 4.3 |
| 2010-02-10 | CVE-2009-4639 | Numeric Errors vulnerability in Ffmpeg 0.5 The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. | 4.3 |
| 2010-02-10 | CVE-2009-4638 | Numeric Errors vulnerability in Ffmpeg 0.5 Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | 4.3 |
| 2010-02-10 | CVE-2009-4636 | Code Injection vulnerability in Ffmpeg 0.5 FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. | 4.3 |