CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ffmpeg : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2011-3949 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
102 CVE-2011-3947 119 DoS Exec Code Overflow 2012-08-20 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
103 CVE-2011-3946 399 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.
104 CVE-2011-3945 119 DoS Exec Code Overflow 2012-08-20 2012-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
105 CVE-2011-3944 2013-12-09 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.
106 CVE-2011-3940 119 DoS Overflow 2012-08-20 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
107 CVE-2011-3935 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.
108 CVE-2011-3934 399 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.
109 CVE-2011-3929 119 DoS Exec Code Overflow 2012-08-20 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
110 CVE-2011-3362 189 DoS Exec Code Mem. Corr. 2011-10-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.
Total number of vulnerabilities : 110   Page : 1 2 3 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.