CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ffmpeg » Ffmpeg : Security Vulnerabilities Published In 2013 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-4265 2013-11-23 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
2 CVE-2013-0878 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.
3 CVE-2013-0877 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.
4 CVE-2013-0876 189 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access.
5 CVE-2013-0875 189 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access.
6 CVE-2013-0874 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.
7 CVE-2013-0873 20 2013-11-23 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."
8 CVE-2013-0872 119 Overflow 2013-11-23 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.
9 CVE-2013-0869 119 Overflow 2013-11-23 2013-11-27
9.3
None Remote Medium Not required Complete Complete Complete
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.
10 CVE-2013-0868 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."
11 CVE-2013-0867 20 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.
12 CVE-2013-0866 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.
13 CVE-2013-0865 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write.
14 CVE-2013-0864 189 2013-11-23 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access.
15 CVE-2013-0863 119 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.
16 CVE-2013-0862 189 Overflow 2013-11-23 2016-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.
17 CVE-2013-0859 189 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.
18 CVE-2013-0858 2013-12-07 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
19 CVE-2013-0857 20 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
20 CVE-2013-0856 20 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
21 CVE-2013-0855 189 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.
22 CVE-2013-0854 20 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
23 CVE-2013-0853 189 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
24 CVE-2013-0852 119 Overflow 2013-12-07 2015-11-16
9.3
None Remote Medium Not required Complete Complete Complete
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.
25 CVE-2013-0851 119 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.
26 CVE-2013-0850 119 Overflow 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.
27 CVE-2013-0849 20 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.
28 CVE-2013-0848 119 Overflow 2013-12-07 2015-11-16
9.3
None Remote Medium Not required Complete Complete Complete
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.
29 CVE-2013-0847 119 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.
30 CVE-2013-0846 20 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.
31 CVE-2013-0845 119 Overflow 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
32 CVE-2013-0844 189 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.
33 CVE-2011-3937 2013-01-05 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
Total number of vulnerabilities : 33   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.