Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.
Max CVSS
10.0
EPSS Score
0.68%
Published
2008-11-01
Updated
2017-08-08
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.
Max CVSS
10.0
EPSS Score
0.67%
Published
2008-11-01
Updated
2017-08-08
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
3.90%
Published
2010-02-10
Updated
2011-10-26
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
Max CVSS
10.0
EPSS Score
20.63%
Published
2010-02-10
Updated
2010-05-20
The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.
Max CVSS
10.0
EPSS Score
0.41%
Published
2013-11-23
Updated
2016-12-03
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
Max CVSS
10.0
EPSS Score
4.39%
Published
2020-04-28
Updated
2022-04-29
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
Max CVSS
9.8
EPSS Score
0.43%
Published
2017-01-23
Updated
2017-02-01
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.
Max CVSS
9.8
EPSS Score
1.86%
Published
2017-02-09
Updated
2018-12-21
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
Max CVSS
9.8
EPSS Score
5.14%
Published
2017-02-09
Updated
2018-12-21
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
Max CVSS
9.8
EPSS Score
4.96%
Published
2017-02-09
Updated
2017-02-24
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
Max CVSS
9.8
EPSS Score
0.29%
Published
2017-04-14
Updated
2017-04-20
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
Max CVSS
9.8
EPSS Score
0.46%
Published
2017-04-14
Updated
2018-11-27
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-04-14
Updated
2019-03-04
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-04-14
Updated
2019-03-05
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
Max CVSS
9.8
EPSS Score
0.49%
Published
2017-04-14
Updated
2017-04-20
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
Max CVSS
9.8
EPSS Score
1.08%
Published
2019-10-14
Updated
2021-07-21
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
Max CVSS
9.8
EPSS Score
0.20%
Published
2024-01-27
Updated
2024-02-02
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
Max CVSS
9.8
EPSS Score
0.20%
Published
2024-01-27
Updated
2024-02-02
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
Max CVSS
9.3
EPSS Score
13.10%
Published
2008-07-14
Updated
2018-10-30
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
5.14%
Published
2010-02-10
Updated
2011-10-26
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
Max CVSS
9.3
EPSS Score
0.24%
Published
2011-01-22
Updated
2011-05-24
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
Max CVSS
9.3
EPSS Score
0.35%
Published
2013-12-07
Updated
2014-03-08
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.
Max CVSS
9.3
EPSS Score
0.29%
Published
2013-12-07
Updated
2013-12-27
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.
Max CVSS
9.3
EPSS Score
0.34%
Published
2013-12-07
Updated
2015-11-16
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.
Max CVSS
9.3
EPSS Score
0.34%
Published
2013-12-07
Updated
2014-01-28
189 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!