The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
Max CVSS
6.5
EPSS Score
0.61%
Published
2018-01-29
Updated
2019-03-31
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
Max CVSS
6.5
EPSS Score
0.18%
Published
2018-01-03
Updated
2019-03-31
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
Max CVSS
5.5
EPSS Score
0.23%
Published
2018-01-09
Updated
2018-01-30
3 vulnerabilities found