CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7401 CVE-2013-0915 119 DoS Overflow 2013-03-18 2013-04-16
10.0
None Remote Low Not required Complete Complete Complete
The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow."
7402 CVE-2013-0878 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.
7403 CVE-2013-0877 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.
7404 CVE-2013-0876 189 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.
7405 CVE-2013-0875 189 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.
7406 CVE-2013-0874 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.
7407 CVE-2013-0873 20 2013-11-23 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."
7408 CVE-2013-0872 119 Overflow 2013-11-23 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.
7409 CVE-2013-0869 119 Overflow 2013-11-23 2013-11-27
9.3
None Remote Medium Not required Complete Complete Complete
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.
7410 CVE-2013-0868 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."
7411 CVE-2013-0867 20 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.
7412 CVE-2013-0866 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.
7413 CVE-2013-0865 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.
7414 CVE-2013-0864 189 2013-11-23 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.
7415 CVE-2013-0863 119 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.
7416 CVE-2013-0862 189 Overflow 2013-11-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.
7417 CVE-2013-0859 189 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.
7418 CVE-2013-0858 2013-12-07 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
7419 CVE-2013-0857 20 2013-12-07 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
7420 CVE-2013-0856 20 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
7421 CVE-2013-0855 189 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.
7422 CVE-2013-0854 20 2013-12-07 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
7423 CVE-2013-0853 189 2013-12-07 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
7424 CVE-2013-0852 119 Overflow 2013-12-07 2015-11-16
9.3
None Remote Medium Not required Complete Complete Complete
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.
7425 CVE-2013-0851 119 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.
7426 CVE-2013-0850 119 Overflow 2013-12-07 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.
7427 CVE-2013-0849 20 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.
7428 CVE-2013-0848 119 Overflow 2013-12-07 2015-11-16
9.3
None Remote Medium Not required Complete Complete Complete
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.
7429 CVE-2013-0847 119 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.
7430 CVE-2013-0846 20 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.
7431 CVE-2013-0845 119 Overflow 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
7432 CVE-2013-0844 189 2013-12-07 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.
7433 CVE-2013-0842 2013-01-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
7434 CVE-2013-0840 2013-01-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
7435 CVE-2013-0811 416 Exec Code 2013-05-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
7436 CVE-2013-0810 94 Exec Code 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
7437 CVE-2013-0809 Exec Code 2013-03-05 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
7438 CVE-2013-0804 78 DoS Exec Code 2013-02-23 2013-02-25
10.0
None Remote Low Not required Complete Complete Complete
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
7439 CVE-2013-0801 DoS Exec Code Mem. Corr. 2013-05-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7440 CVE-2013-0800 189 Exec Code 2013-04-03 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
7441 CVE-2013-0796 DoS Exec Code 2013-04-03 2013-06-20
10.0
None Remote Low Not required Complete Complete Complete
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
7442 CVE-2013-0795 264 Exec Code Bypass 2013-04-03 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
7443 CVE-2013-0790 DoS Exec Code Mem. Corr. 2013-04-03 2013-06-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.
7444 CVE-2013-0789 DoS Exec Code Mem. Corr. 2013-04-03 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.
7445 CVE-2013-0788 DoS Exec Code Mem. Corr. 2013-04-03 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7446 CVE-2013-0787 399 Exec Code 2013-03-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
7447 CVE-2013-0784 DoS Exec Code Mem. Corr. 2013-02-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7448 CVE-2013-0783 DoS Exec Code Mem. Corr. 2013-02-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7449 CVE-2013-0782 119 Exec Code Overflow 2013-02-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.
7450 CVE-2013-0781 399 DoS Exec Code Mem. Corr. 2013-02-19 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.