sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
Max CVSS
6.8
EPSS Score
2.17%
Published
2011-07-07
Updated
2011-09-22
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.
Max CVSS
6.8
EPSS Score
2.30%
Published
2011-05-20
Updated
2011-10-26
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
Max CVSS
9.3
EPSS Score
0.24%
Published
2011-01-22
Updated
2011-05-24
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.
Max CVSS
6.8
EPSS Score
1.77%
Published
2011-05-20
Updated
2011-10-26
4 vulnerabilities found