CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ffmpeg : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-9319 119 DoS Overflow 2014-12-09 2014-12-10
5.0
None Remote Low Not required None None Partial
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
2 CVE-2014-9318 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
3 CVE-2014-9317 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
4 CVE-2014-9316 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
5 CVE-2014-8549 189 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
6 CVE-2014-8548 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
7 CVE-2014-8547 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
8 CVE-2014-8546 189 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
9 CVE-2014-8545 189 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.
10 CVE-2014-8544 20 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
11 CVE-2014-8543 20 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
12 CVE-2014-8542 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
13 CVE-2014-8541 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
14 CVE-2014-5271 119 DoS Exec Code Overflow 2014-11-03 2014-11-04
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
15 CVE-2014-2099 189 DoS 2014-03-01 2014-03-03
6.8
None Remote Medium Not required Partial Partial Partial
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.
16 CVE-2014-2098 119 DoS Overflow Mem. Corr. 2014-03-01 2014-03-03
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.
17 CVE-2014-2097 20 DoS 2014-03-01 2014-03-03
6.8
None Remote Medium Not required Partial Partial Partial
The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.
18 CVE-2013-7024 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
19 CVE-2013-7023 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
20 CVE-2013-7022 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
21 CVE-2013-7021 399 DoS 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.
22 CVE-2013-7020 119 DoS Overflow 2013-12-09 2014-11-18
6.8
None Remote Medium Not required Partial Partial Partial
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
23 CVE-2013-7019 20 DoS 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
24 CVE-2013-7018 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
25 CVE-2013-7017 DoS 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.
26 CVE-2013-7016 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
27 CVE-2013-7015 20 DoS 2013-12-09 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.
28 CVE-2013-7014 189 DoS 2013-12-09 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.
29 CVE-2013-7013 189 DoS 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
30 CVE-2013-7012 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
31 CVE-2013-7011 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
32 CVE-2013-7010 189 DoS 2013-12-09 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
33 CVE-2013-7009 119 DoS Overflow 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.
34 CVE-2013-7008 DoS 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.
35 CVE-2013-4358 DoS 2013-12-24 2013-12-26
5.0
None Remote Low Not required None None Partial
libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.
36 CVE-2013-4264 119 DoS Overflow 2013-11-23 2014-03-05
4.3
None Remote Medium Not required None None Partial
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.
37 CVE-2013-3675 20 DoS Overflow 2013-06-09 2013-10-04
4.3
None Remote Medium Not required None None Partial
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.
38 CVE-2013-3674 20 DoS 2013-06-09 2013-06-10
4.3
None Remote Medium Not required None None Partial
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.
39 CVE-2013-3673 119 DoS Overflow 2013-06-09 2013-06-10
4.3
None Remote Medium Not required None None Partial
The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.
40 CVE-2013-3672 20 DoS 2013-06-09 2013-06-10
4.3
None Remote Medium Not required None None Partial
The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.
41 CVE-2013-3671 189 DoS 2013-06-09 2013-06-10
4.3
None Remote Medium Not required None None Partial
The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.
42 CVE-2013-3670 119 DoS Overflow 2013-06-09 2013-06-10
4.3
None Remote Medium Not required None None Partial
The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.
43 CVE-2013-2496 119 DoS Overflow 2013-03-09 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
44 CVE-2013-2495 189 DoS Overflow 2013-03-09 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.
45 CVE-2013-2277 DoS 2013-02-27 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.
46 CVE-2013-2276 DoS 2013-02-27 2013-02-27
7.5
None Remote Low Not required Partial Partial Partial
The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.
47 CVE-2012-6618 119 DoS Overflow 2013-12-24 2014-02-20
2.6
None Remote High Not required None None Partial
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
48 CVE-2012-6617 DoS 2013-12-24 2013-12-26
4.3
None Remote Medium Not required None None Partial
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
49 CVE-2012-6616 119 DoS Overflow 2013-12-24 2013-12-26
5.0
None Remote Low Not required None None Partial
The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
50 CVE-2012-6615 DoS 2013-12-24 2013-12-26
4.3
None Remote Medium Not required None None Partial
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.
Total number of vulnerabilities : 98   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.