Ffmpeg : Security Vulnerabilities, CVEs, Published In 2010 (Code Execution) CVSS score >= 3
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
Max CVSS
6.8
EPSS Score
4.73%
Published
2010-09-30
Updated
2018-10-10
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.
Max CVSS
4.3
EPSS Score
2.68%
Published
2010-02-10
Updated
2011-10-26
Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Max CVSS
4.3
EPSS Score
1.43%
Published
2010-02-10
Updated
2010-05-04
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
Max CVSS
10.0
EPSS Score
20.34%
Published
2010-02-10
Updated
2010-05-20
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
5.14%
Published
2010-02-10
Updated
2011-10-26
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.
Max CVSS
10.0
EPSS Score
2.02%
Published
2010-02-10
Updated
2011-10-26
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
3.90%
Published
2010-02-10
Updated
2011-10-26
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.
Max CVSS
9.3
EPSS Score
1.98%
Published
2010-02-10
Updated
2010-05-04
8 vulnerabilities found