Ffmpeg : Security Vulnerabilities, CVEs, Published In 2011 CVSS score >= 8
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
Max CVSS
9.3
EPSS Score
2.84%
Published
2011-09-29
Updated
2018-10-30
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
Max CVSS
10.0
EPSS Score
0.20%
Published
2011-05-20
Updated
2011-05-23
The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.
Max CVSS
9.3
EPSS Score
0.28%
Published
2011-05-20
Updated
2011-09-07
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
Max CVSS
9.3
EPSS Score
0.24%
Published
2011-01-22
Updated
2011-05-24
4 vulnerabilities found