FFmpeg: Security Vulnerabilities, CVEs, Published in 2016 (Denial of service), CVSS score >= 2
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.
Max CVSS: 5.5 | EPSS Score: 0.16% | Published: 2016-12-23 | Updated: 2016-12-24
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
Max CVSS: 5.5 | EPSS Score: 0.13% | Published: 2016-12-23 | Updated: 2017-01-03
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
Max CVSS: 5.5 | EPSS Score: 0.14% | Published: 2016-12-23 | Updated: 2017-07-01
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
Max CVSS: 5.5 | EPSS Score: 0.28% | Published: 2016-12-23 | Updated: 2017-07-01
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
Max CVSS: 5.5 | EPSS Score: 0.28% | Published: 2016-12-23 | Updated: 2017-07-01
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
Max CVSS: 5.5 | EPSS Score: 0.10% | Published: 2016-12-23 | Updated: 2016-12-24
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
Max CVSS: 7.8 | EPSS Score: 0.60% | Published: 2016-12-23 | Updated: 2016-12-24
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
Max CVSS: 8.8 | EPSS Score: 1.29% | Published: 2016-06-16 | Updated: 2018-10-30
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.
Max CVSS: 8.8 | EPSS Score: 0.69% | Published: 2016-02-12 | Updated: 2016-12-06
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.
Max CVSS: 8.8 | EPSS Score: 0.60% | Published: 2016-02-12 | Updated: 2018-10-30
libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.
Max CVSS: 8.8 | EPSS Score: 0.54% | Published: 2016-02-12 | Updated: 2016-12-06
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.
Max CVSS: 8.8 | EPSS Score: 0.54% | Published: 2016-02-12 | Updated: 2016-12-06
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.
Max CVSS: 8.8 | EPSS Score: 2.54% | Published: 2016-02-12 | Updated: 2017-07-01
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
Max CVSS: 6.5 | EPSS Score: 0.32% | Published: 2016-02-03 | Updated: 2016-12-06
14 vulnerabilities found