Vulnerabilites related to ffmpeg - ffmpeg
cve-2015-8661
Vulnerability from cvelistv5
Published
2015-12-24 01:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1034539 | vdb-entry, x_refsource_SECTRACK | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5" }, { "name": "1034539", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-21T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5" }, { "name": "1034539", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5" }, { "name": "1034539", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8661", "datePublished": "2015-12-24T01:00:00", "dateReserved": "2015-12-23T00:00:00", "dateUpdated": "2024-08-06T08:20:43.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1999012
Vulnerability from cvelistv5
Published
2018-07-23 15:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104896 | vdb-entry, x_refsource_BID | |
https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:47:57.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104896", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104896" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1" }, { "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-07-20T00:00:00", "datePublic": "2018-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-31T01:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "104896", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104896" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1" }, { "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-07-20T20:44:32.978420", "DATE_REQUESTED": "2018-07-13T16:07:18", "ID": "CVE-2018-1999012", "REQUESTER": "paulcher@icloud.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "104896", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104896" }, { "name": "https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1" }, { "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1999012", "datePublished": "2018-07-23T15:00:00", "dateReserved": "2018-07-13T00:00:00", "dateUpdated": "2024-08-05T12:47:57.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0858
Vulnerability from cvelistv5
Published
2012-08-20 18:00
Modified
2024-09-17 00:31
Severity ?
EPSS score ?
Summary
The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1479-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.openwall.com/lists/oss-security/2012/02/14/4 | mailing-list, x_refsource_MLIST | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98 | x_refsource_CONFIRM | |
http://ffmpeg.org/ | x_refsource_CONFIRM | |
http://libav.org/ | x_refsource_CONFIRM | |
http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.810Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1479-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an \"invalid free\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-20T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1479-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an \"invalid free\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1479-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98" }, { "name": "http://ffmpeg.org/", "refsource": "CONFIRM", "url": "http://ffmpeg.org/" }, { "name": "http://libav.org/", "refsource": "CONFIRM", "url": "http://libav.org/" }, { "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98", "refsource": "CONFIRM", "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0858", "datePublished": "2012-08-20T18:00:00Z", "dateReserved": "2012-01-19T00:00:00Z", "dateUpdated": "2024-09-17T00:31:25.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2277
Vulnerability from cvelistv5
Published
2013-02-27 16:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1790-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a" }, { "name": "USN-1790-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1790-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-11T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a" }, { "name": "USN-1790-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1790-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2277", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bdeb61ccc67911cfc5e20c7cfb1312d0501ca90a" }, { "name": "USN-1790-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1790-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2277", "datePublished": "2013-02-27T16:00:00", "dateReserved": "2013-02-26T00:00:00", "dateUpdated": "2024-08-06T15:27:41.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7008
Vulnerability from cvelistv5
Published
2013-12-09 11:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f | x_refsource_CONFIRM | |
https://trac.ffmpeg.org/ticket/2927 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2013/12/08/3 | mailing-list, x_refsource_MLIST | |
http://openwall.com/lists/oss-security/2013/11/26/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/2927" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.ffmpeg.org/ticket/2927" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f" }, { "name": "https://trac.ffmpeg.org/ticket/2927", "refsource": "CONFIRM", "url": "https://trac.ffmpeg.org/ticket/2927" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7008", "datePublished": "2013-12-09T11:00:00", "dateReserved": "2013-12-08T00:00:00", "dateUpdated": "2024-08-06T17:53:45.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36138
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:52
Severity ?
EPSS score ?
Summary
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:09.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8960" }, { "tags": [ "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca5de4ae87fff0d6a90d9fc97" }, { "tags": [ "x_transferred" ], "url": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2020-November/272001.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-36138", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T17:51:19.544682Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T17:52:06.953Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-11T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://trac.ffmpeg.org/ticket/8960" }, { "url": "https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca5de4ae87fff0d6a90d9fc97" }, { "url": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2020-November/272001.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36138", "datePublished": "2023-08-11T00:00:00", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-10-09T17:52:06.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7450
Vulnerability from cvelistv5
Published
2016-12-23 05:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/08/1 | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201701-71 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/94841 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "GLSA-201701-71", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-71" }, { "name": "94841", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94841" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "GLSA-201701-71", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-71" }, { "name": "94841", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94841" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "GLSA-201701-71", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-71" }, { "name": "94841", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94841" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7450", "datePublished": "2016-12-23T05:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2798
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://libav.org/releases/libav-0.8.5.changelog | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.8.4.changelog | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=72b9537d8886f679494651df517dfed9b420cf1f | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.7.7.changelog | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1705-1 | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/51257 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.5.changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=72b9537d8886f679494651df517dfed9b420cf1f" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "USN-1705-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1705-1" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.5.changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=72b9537d8886f679494651df517dfed9b420cf1f" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "USN-1705-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1705-1" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "http://libav.org/releases/libav-0.8.5.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.5.changelog" }, { "name": "http://libav.org/releases/libav-0.8.4.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "http://libav.org/releases/libav-0.7.7.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "USN-1705-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1705-1" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51257" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2798", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:42:32.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125017
Vulnerability from cvelistv5
Published
2022-06-18 06:16
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599 | x_refsource_MISC | |
https://vuldb.com/?id.12340 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12340" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "credits": [ { "lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-18T06:16:08", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=77bb0004bbe18f1498cfecdc68db5f10808b6599" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12340" } ], "title": "FFmpeg rpza_decode_stream memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125017", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg rpza_decode_stream memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Mateusz Jurczyk/Gynvael Coldwind", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "7.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599" }, { "name": "https://vuldb.com/?id.12340", "refsource": "MISC", "url": "https://vuldb.com/?id.12340" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125017", "datePublished": "2022-06-18T06:16:08", "dateReserved": "2022-06-17T00:00:00", "dateUpdated": "2024-08-06T14:10:56.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125014
Vulnerability from cvelistv5
Published
2022-06-18 06:16
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665 | x_refsource_MISC | |
https://vuldb.com/?id.12367 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12367" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "credits": [ { "lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-18T06:16:04", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d1e6602665" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12367" } ], "title": "FFmpeg HEVC Video Decoder memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125014", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg HEVC Video Decoder memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Mateusz Jurczyk/Gynvael Coldwind", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d1e6602665", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d1e6602665" }, { "name": "https://vuldb.com/?id.12367", "refsource": "MISC", "url": "https://vuldb.com/?id.12367" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125014", "datePublished": "2022-06-18T06:16:04", "dateReserved": "2022-06-17T00:00:00", "dateUpdated": "2024-08-06T14:10:56.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0846
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed | x_refsource_CONFIRM | |
http://www.debian.org/security/2014/dsa-2855 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed" }, { "name": "DSA-2855", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2855" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-05T14:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed" }, { "name": "DSA-2855", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2855" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2013-0846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed" }, { "name": "DSA-2855", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2855" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-0846", "datePublished": "2013-12-07T21:00:00", "dateReserved": "2013-01-07T00:00:00", "dateUpdated": "2024-08-06T14:41:47.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2787
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920 | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.8.4.changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/51257 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the \"setup width/height.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the \"setup width/height.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920" }, { "name": "http://libav.org/releases/libav-0.8.4.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51257" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2787", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:42:32.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7009
Vulnerability from cvelistv5
Published
2013-12-09 11:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2013/12/08/3 | mailing-list, x_refsource_MLIST | |
https://trac.ffmpeg.org/ticket/2850 | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2013/11/26/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:46.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/2850" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.ffmpeg.org/ticket/2850" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "name": "https://trac.ffmpeg.org/ticket/2850", "refsource": "CONFIRM", "url": "https://trac.ffmpeg.org/ticket/2850" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7009", "datePublished": "2013-12-09T11:00:00", "dateReserved": "2013-12-08T00:00:00", "dateUpdated": "2024-08-06T17:53:46.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13904
Vulnerability from cvelistv5
Published
2020-06-07 18:07
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8673 | x_refsource_MISC | |
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/ | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4722 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4431-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/202007-58 | vendor-advisory, x_refsource_GENTOO | |
https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8673" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/" }, { "name": "DSA-4722", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4722" }, { "name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html" }, { "name": "USN-4431-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4431-1/" }, { "name": "GLSA-202007-58", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-58" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-04T19:55:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8673" }, { "tags": [ "x_refsource_MISC" ], "url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/" }, { "name": "DSA-4722", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4722" }, { "name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html" }, { "name": "USN-4431-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4431-1/" }, { "name": "GLSA-202007-58", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-58" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8673", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8673" }, { "name": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/", "refsource": "MISC", "url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/" }, { "name": "DSA-4722", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4722" }, { "name": "[debian-lts-announce] 20200727 [SECURITY] [DLA 2291-1] ffmpeg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html" }, { "name": "USN-4431-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4431-1/" }, { "name": "GLSA-202007-58", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-58" }, { "name": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13904", "datePublished": "2020-06-07T18:07:08", "dateReserved": "2020-06-07T00:00:00", "dateUpdated": "2024-08-04T12:32:14.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3671
Vulnerability from cvelistv5
Published
2013-06-10 01:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7edb984dd051b6919d7d8471c70499273f31b0fa | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=cc0dd86580b3257f22a4981a79eb5fa6804182b6 | x_refsource_CONFIRM | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7edb984dd051b6919d7d8471c70499273f31b0fa" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=cc0dd86580b3257f22a4981a79eb5fa6804182b6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-10T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=7edb984dd051b6919d7d8471c70499273f31b0fa" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=cc0dd86580b3257f22a4981a79eb5fa6804182b6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3671", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7edb984dd051b6919d7d8471c70499273f31b0fa", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7edb984dd051b6919d7d8471c70499273f31b0fa" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cc0dd86580b3257f22a4981a79eb5fa6804182b6", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cc0dd86580b3257f22a4981a79eb5fa6804182b6" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3671", "datePublished": "2013-06-10T01:00:00Z", "dateReserved": "2013-05-24T00:00:00Z", "dateUpdated": "2024-09-16T18:54:34.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0848
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 | vendor-advisory, x_refsource_MANDRIVA | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6abb9a901fca27da14d4fffbb01948288b5da3ba | x_refsource_CONFIRM | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2014:227", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6abb9a901fca27da14d4fffbb01948288b5da3ba" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-03-19T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "MDVSA-2014:227", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6abb9a901fca27da14d4fffbb01948288b5da3ba" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2013-0848", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2014:227", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-0848", "datePublished": "2013-12-07T21:00:00", "dateReserved": "2013-01-07T00:00:00", "dateUpdated": "2024-08-06T14:41:47.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4868
Vulnerability from cvelistv5
Published
2008-10-31 22:00
Modified
2024-08-07 10:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html | mailing-list, x_refsource_FULLDISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46325 | vdb-entry, x_refsource_XF | |
http://www.openwall.com/lists/oss-security/2008/10/29/6 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/34385 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200903-33.xml | vendor-advisory, x_refsource_GENTOO | |
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:27.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html" }, { "name": "ffmpeg-avcodecclose-unspecified(46325)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46325" }, { "name": "[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6" }, { "name": "34385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34385" }, { "name": "GLSA-200903-33", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml" }, { "name": "[ffmpeg-cvslog] 20080816 r14787 - trunk/libavcodec/utils.c", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free \"on random pointers.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html" }, { "name": "ffmpeg-avcodecclose-unspecified(46325)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46325" }, { "name": "[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6" }, { "name": "34385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34385" }, { "name": "GLSA-200903-33", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml" }, { "name": "[ffmpeg-cvslog] 20080816 r14787 - trunk/libavcodec/utils.c", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4868", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free \"on random pointers.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html" }, { "name": "ffmpeg-avcodecclose-unspecified(46325)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46325" }, { "name": "[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6" }, { "name": "34385", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34385" }, { "name": "GLSA-200903-33", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml" }, { "name": "[ffmpeg-cvslog] 20080816 r14787 - trunk/libavcodec/utils.c", "refsource": "MLIST", "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4868", "datePublished": "2008-10-31T22:00:00", "dateReserved": "2008-10-31T00:00:00", "dateUpdated": "2024-08-07T10:31:27.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2782
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9a57a37b7041581c10629c8241260a5d7bfbc1e7 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9a57a37b7041581c10629c8241260a5d7bfbc1e7" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a \"rejected resolution change.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-10T22:00:00Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9a57a37b7041581c10629c8241260a5d7bfbc1e7" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2782", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a \"rejected resolution change.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9a57a37b7041581c10629c8241260a5d7bfbc1e7", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9a57a37b7041581c10629c8241260a5d7bfbc1e7" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2782", "datePublished": "2012-09-10T22:00:00Z", "dateReserved": "2012-05-19T00:00:00Z", "dateUpdated": "2024-09-16T17:43:43.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38091
Vulnerability from cvelistv5
Published
2021-09-20 15:20
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8263 | x_refsource_MISC | |
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:09.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8263" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-20T15:20:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8263" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8263", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8263" }, { "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23", "refsource": "MISC", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38091", "datePublished": "2021-09-20T15:20:01", "dateReserved": "2021-08-04T00:00:00", "dateUpdated": "2024-08-04T01:30:09.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125020
Vulnerability from cvelistv5
Published
2022-06-19 06:10
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d | x_refsource_MISC | |
https://vuldb.com/?id.12298 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12298" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-19T06:10:27", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f097d168d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12298" } ], "title": "FFmpeg decode_update_thread_context memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125020", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg decode_update_thread_context memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "7.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f097d168d", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f097d168d" }, { "name": "https://vuldb.com/?id.12298", "refsource": "MISC", "url": "https://vuldb.com/?id.12298" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125020", "datePublished": "2022-06-19T06:10:27", "dateReserved": "2022-06-18T00:00:00", "dateUpdated": "2024-08-06T14:10:56.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125002
Vulnerability from cvelistv5
Published
2022-06-18 06:15
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b | x_refsource_MISC | |
https://vuldb.com/?id.12588 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12588" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "credits": [ { "lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-18T06:15:44", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=f1caaa1c61310beba705957e6366f0392a0b005b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12588" } ], "title": "FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125002", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Mateusz Jurczyk/Gynvael Coldwind", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b" }, { "name": "https://vuldb.com/?id.12588", "refsource": "MISC", "url": "https://vuldb.com/?id.12588" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125002", "datePublished": "2022-06-18T06:15:44", "dateReserved": "2022-06-17T00:00:00", "dateUpdated": "2024-08-06T14:10:56.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4353
Vulnerability from cvelistv5
Published
2012-08-20 20:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.
References
▼ | URL | Tags |
---|---|---|
http://libav.org/releases/libav-0.6.4.changelog | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | vendor-advisory, x_refsource_MANDRIVA | |
http://ubuntu.com/usn/usn-1320-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | vendor-advisory, x_refsource_MANDRIVA | |
http://ffmpeg.org/ | x_refsource_CONFIRM | |
http://libav.org/ | x_refsource_CONFIRM | |
http://ubuntu.com/usn/usn-1333-1 | vendor-advisory, x_refsource_UBUNTU | |
http://libav.org/releases/libav-0.5.6.changelog | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.7.3.changelog | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.6.4.changelog" }, { "name": "MDVSA-2012:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" }, { "name": "USN-1320-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1320-1" }, { "name": "MDVSA-2012:074", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" }, { "name": "MDVSA-2012:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/" }, { "name": "USN-1333-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1333-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.5.6.changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.7.3.changelog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-20T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.6.4.changelog" }, { "name": "MDVSA-2012:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" }, { "name": "USN-1320-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1320-1" }, { "name": "MDVSA-2012:074", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" }, { "name": "MDVSA-2012:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/" }, { "name": "USN-1333-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1333-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.5.6.changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.7.3.changelog" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4353", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://libav.org/releases/libav-0.6.4.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.6.4.changelog" }, { "name": "MDVSA-2012:076", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" }, { "name": "USN-1320-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1320-1" }, { "name": "MDVSA-2012:074", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" }, { "name": "MDVSA-2012:075", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" }, { "name": "http://ffmpeg.org/", "refsource": "CONFIRM", "url": "http://ffmpeg.org/" }, { "name": "http://libav.org/", "refsource": "CONFIRM", "url": "http://libav.org/" }, { "name": "USN-1333-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1333-1" }, { "name": "http://libav.org/releases/libav-0.5.6.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.5.6.changelog" }, { "name": "http://libav.org/releases/libav-0.7.3.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.7.3.changelog" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4353", "datePublished": "2012-08-20T20:00:00Z", "dateReserved": "2011-11-04T00:00:00Z", "dateUpdated": "2024-09-16T19:35:31.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0849
Vulnerability from cvelistv5
Published
2012-08-27 23:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/02/14/4 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78935 | vdb-entry, x_refsource_XF | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f99939a6361e2e6d6788494dd7c682b051c6c34 | x_refsource_CONFIRM | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/02/01/11 | mailing-list, x_refsource_MLIST | |
http://www.ffmpeg.org/trac/ffmpeg/ticket/776 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "ffmpeg-ffj2kdwtinit-dos(78935)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78935" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f99939a6361e2e6d6788494dd7c682b051c6c34" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/01/11" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/trac/ffmpeg/ticket/776" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "ffmpeg-ffj2kdwtinit-dos(78935)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78935" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1f99939a6361e2e6d6788494dd7c682b051c6c34" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/01/11" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/trac/ffmpeg/ticket/776" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "ffmpeg-ffj2kdwtinit-dos(78935)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78935" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f99939a6361e2e6d6788494dd7c682b051c6c34", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f99939a6361e2e6d6788494dd7c682b051c6c34" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/01/11" }, { "name": "http://www.ffmpeg.org/trac/ffmpeg/ticket/776", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/trac/ffmpeg/ticket/776" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0849", "datePublished": "2012-08-27T23:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22023
Vulnerability from cvelistv5
Published
2021-05-27 18:13
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8244 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2021/dsa-4990 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:09.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8244" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T10:06:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8244" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22023", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8244", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8244" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4990" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22023", "datePublished": "2021-05-27T18:13:31", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:09.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125009
Vulnerability from cvelistv5
Published
2022-06-18 06:15
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4 | x_refsource_MISC | |
https://vuldb.com/?id.12393 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12393" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "credits": [ { "lang": "en", "value": "Mateusz Jurczyk/Gynvael Coldwind" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-18T06:15:55", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12393" } ], "title": "FFmpeg snow.h add_yblock memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125009", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg snow.h add_yblock memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Mateusz Jurczyk/Gynvael Coldwind", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4" }, { "name": "https://vuldb.com/?id.12393", "refsource": "MISC", "url": "https://vuldb.com/?id.12393" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125009", "datePublished": "2022-06-18T06:15:55", "dateReserved": "2022-06-17T00:00:00", "dateUpdated": "2024-08-06T14:10:56.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14056
Vulnerability from cvelistv5
Published
2017-08-31 15:00
Modified
2024-08-05 19:13
Severity ?
EPSS score ?
Summary
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100628 | vdb-entry, x_refsource_BID | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2017/dsa-3996 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:13:41.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de" }, { "name": "100628", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100628" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-3996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3996" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large \"frame_count\" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-08T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de" }, { "name": "100628", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100628" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-3996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3996" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large \"frame_count\" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de" }, { "name": "100628", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100628" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-3996", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3996" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14056", "datePublished": "2017-08-31T15:00:00", "dateReserved": "2017-08-31T00:00:00", "dateUpdated": "2024-08-05T19:13:41.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8218
Vulnerability from cvelistv5
Published
2015-11-17 01:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html | vendor-advisory, x_refsource_SUSE | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:31.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2015:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2015:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8218", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2015:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8218", "datePublished": "2015-11-17T01:00:00", "dateReserved": "2015-11-16T00:00:00", "dateUpdated": "2024-08-06T08:13:31.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0852
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2014:227 | vendor-advisory, x_refsource_MANDRIVA | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c0d68be555f5858703383040e04fcd6529777061 | x_refsource_CONFIRM | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2014:227", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c0d68be555f5858703383040e04fcd6529777061" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-03-19T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "MDVSA-2014:227", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c0d68be555f5858703383040e04fcd6529777061" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2013-0852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2014:227", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-0852", "datePublished": "2013-12-07T21:00:00", "dateReserved": "2013-01-07T00:00:00", "dateUpdated": "2024-08-06T14:41:47.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0853
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2013/dsa-2793 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=be818df547c3b0ae4fadb50fd210139a8636706a | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2793", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2793" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=be818df547c3b0ae4fadb50fd210139a8636706a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T14:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "DSA-2793", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2793" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=be818df547c3b0ae4fadb50fd210139a8636706a" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2013-0853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2793", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2793" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-0853", "datePublished": "2013-12-07T21:00:00", "dateReserved": "2013-01-07T00:00:00", "dateUpdated": "2024-08-06T14:41:47.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2496
Vulnerability from cvelistv5
Published
2013-03-09 11:01
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1790-1 | vendor-advisory, x_refsource_UBUNTU | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e398990eb87785e20e065cd3f14d1dbb69df4392 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1790-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1790-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e398990eb87785e20e065cd3f14d1dbb69df4392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-11T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-1790-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1790-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e398990eb87785e20e065cd3f14d1dbb69df4392" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1790-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1790-1" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e398990eb87785e20e065cd3f14d1dbb69df4392" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2496", "datePublished": "2013-03-09T11:01:00", "dateReserved": "2013-03-07T00:00:00", "dateUpdated": "2024-08-06T15:44:32.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2794
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://libav.org/releases/libav-0.8.4.changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5ad7335ebac2b38bb2a1c8df51a500b78461c05a | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.7.7.changelog | x_refsource_CONFIRM | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/51257 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5ad7335ebac2b38bb2a1c8df51a500b78461c05a" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the \"allocated tile size ... mismatches parameters.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5ad7335ebac2b38bb2a1c8df51a500b78461c05a" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the \"allocated tile size ... mismatches parameters.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "http://libav.org/releases/libav-0.8.4.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5ad7335ebac2b38bb2a1c8df51a500b78461c05a", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5ad7335ebac2b38bb2a1c8df51a500b78461c05a" }, { "name": "MDVSA-2013:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "http://libav.org/releases/libav-0.7.7.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51257" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2794", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:42:32.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-20902
Vulnerability from cvelistv5
Published
2021-09-20 15:20
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8176 | x_refsource_MISC | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0c61661a2cbe1b8b284c80ada1c2fdddf4992cad | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:22:25.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8176" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0c61661a2cbe1b8b284c80ada1c2fdddf4992cad" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R\u0027(0), that could result in disclosure of information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-20T15:20:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8176" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0c61661a2cbe1b8b284c80ada1c2fdddf4992cad" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-20902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R\u0027(0), that could result in disclosure of information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8176", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8176" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0c61661a2cbe1b8b284c80ada1c2fdddf4992cad", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0c61661a2cbe1b8b284c80ada1c2fdddf4992cad" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-20902", "datePublished": "2021-09-20T15:20:00", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:22:25.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22022
Vulnerability from cvelistv5
Published
2021-05-27 18:14
Modified
2024-08-04 14:30
Severity ?
EPSS score ?
Summary
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8264 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2021/dsa-4990 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:30:33.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8264" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T10:06:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8264" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8264", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8264" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4990" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22022", "datePublished": "2021-05-27T18:14:26", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:30:33.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3341
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2157054" }, { "tags": [ "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e" }, { "name": "[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed-in ffmpeg 5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference issue was discovered in \u0027FFmpeg\u0027 in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 - NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T00:00:00", "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2157054" }, { "url": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e" }, { "name": "[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html" } ] } }, "cveMetadata": { "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "assignerShortName": "fedora", "cveId": "CVE-2022-3341", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-09-27T00:00:00", "dateUpdated": "2024-08-03T01:07:06.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22015
Vulnerability from cvelistv5
Published
2021-05-26 16:25
Modified
2024-08-04 14:30
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8190 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2021/dsa-4990 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:30:33.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8190" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T10:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8190" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8190", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8190" }, { "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html" }, { "name": "DSA-4990", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4990" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22015", "datePublished": "2021-05-26T16:25:49", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:30:33.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125023
Vulnerability from cvelistv5
Published
2022-06-19 06:10
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d | x_refsource_MISC | |
https://vuldb.com/?id.12301 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12301" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-19T06:10:32", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12301" } ], "title": "FFmpeg Truemotion1 truemotion1_decode_header memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125023", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg Truemotion1 truemotion1_decode_header memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2240e2078d", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2240e2078d" }, { "name": "https://vuldb.com/?id.12301", "refsource": "MISC", "url": "https://vuldb.com/?id.12301" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125023", "datePublished": "2022-06-19T06:10:32", "dateReserved": "2022-06-18T00:00:00", "dateUpdated": "2024-08-06T14:10:56.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8365
Vulnerability from cvelistv5
Published
2015-11-26 17:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html | vendor-advisory, x_refsource_SUSE | |
http://www.ubuntu.com/usn/USN-2944-1 | vendor-advisory, x_refsource_UBUNTU | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4a9af07a49295e014b059c1ab624c40345af5892 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-4012 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:32.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2015:2370", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html" }, { "name": "USN-2944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4a9af07a49295e014b059c1ab624c40345af5892" }, { "name": "DSA-4012", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-4012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2015:2370", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html" }, { "name": "USN-2944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4a9af07a49295e014b059c1ab624c40345af5892" }, { "name": "DSA-4012", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-4012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8365", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2015:2370", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html" }, { "name": "USN-2944-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892" }, { "name": "DSA-4012", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-4012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8365", "datePublished": "2015-11-26T17:00:00", "dateReserved": "2015-11-26T00:00:00", "dateUpdated": "2024-08-06T08:13:32.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2784
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://libav.org/releases/libav-0.8.4.changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=25715064c2ef4978672a91f8c856f3e8809a7c45 | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.7.7.changelog | x_refsource_CONFIRM | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/51257 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=25715064c2ef4978672a91f8c856f3e8809a7c45" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing in CAVS,\" a different vulnerability than CVE-2012-2777." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=25715064c2ef4978672a91f8c856f3e8809a7c45" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2784", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing in CAVS,\" a different vulnerability than CVE-2012-2777." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "http://libav.org/releases/libav-0.8.4.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45" }, { "name": "MDVSA-2013:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "http://libav.org/releases/libav-0.7.7.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51257" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2784", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:42:32.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6820
Vulnerability from cvelistv5
Published
2015-09-06 01:00
Modified
2024-08-06 07:29
Severity ?
EPSS score ?
Summary
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=79a98294da6cd85f8c86b34764c5e0c43b09eea3 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2944-1 | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1033483 | vdb-entry, x_refsource_SECTRACK | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:29:25.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=79a98294da6cd85f8c86b34764c5e0c43b09eea3" }, { "name": "USN-2944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "1033483", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-21T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=79a98294da6cd85f8c86b34764c5e0c43b09eea3" }, { "name": "USN-2944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "1033483", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3" }, { "name": "USN-2944-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "1033483", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033483" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6820", "datePublished": "2015-09-06T01:00:00", "dateReserved": "2015-09-05T00:00:00", "dateUpdated": "2024-08-06T07:29:25.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7012
Vulnerability from cvelistv5
Published
2013-12-09 11:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2013/12/08/3 | mailing-list, x_refsource_MLIST | |
https://trac.ffmpeg.org/ticket/3080 | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2013/11/26/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/3080" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.ffmpeg.org/ticket/3080" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7012", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/12/08/3" }, { "name": "https://trac.ffmpeg.org/ticket/3080", "refsource": "CONFIRM", "url": "https://trac.ffmpeg.org/ticket/3080" }, { "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/11/26/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7012", "datePublished": "2013-12-09T11:00:00", "dateReserved": "2013-12-08T00:00:00", "dateUpdated": "2024-08-06T17:53:45.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2263
Vulnerability from cvelistv5
Published
2014-02-28 18:00
Modified
2024-08-06 10:06
Severity ?
EPSS score ?
Summary
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc | x_refsource_CONFIRM | |
http://secunia.com/advisories/56971 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id/1029850 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91174 | vdb-entry, x_refsource_XF | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/65560 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:06:00.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc" }, { "name": "56971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56971" }, { "name": "1029850", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029850" }, { "name": "ffmpeg-mpegtswritepmt-bo(91174)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "65560", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65560" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=842b6c14bc" }, { "name": "56971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56971" }, { "name": "1029850", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029850" }, { "name": "ffmpeg-mpegtswritepmt-bo(91174)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "65560", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65560" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2263", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc" }, { "name": "56971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56971" }, { "name": "1029850", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029850" }, { "name": "ffmpeg-mpegtswritepmt-bo(91174)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91174" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "65560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65560" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2263", "datePublished": "2014-02-28T18:00:00", "dateReserved": "2014-02-28T00:00:00", "dateUpdated": "2024-08-06T10:06:00.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35965
Vulnerability from cvelistv5
Published
2021-01-04 01:07
Modified
2024-08-04 17:16
Severity ?
EPSS score ?
Summary
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3 | x_refsource_MISC | |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 | x_refsource_MISC | |
https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202105-24 | vendor-advisory, x_refsource_GENTOO | |
https://www.debian.org/security/2021/dsa-4990 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:16:13.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b" }, { "name": "[debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html" }, { "name": "GLSA-202105-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202105-24" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T10:07:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b" }, { "name": "[debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html" }, { "name": "GLSA-202105-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202105-24" }, { "name": "DSA-4990", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4990" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532" }, { "name": "https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b" }, { "name": "[debian-lts-announce] 20210131 [SECURITY] [DLA 2537-1] ffmpeg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html" }, { "name": "GLSA-202105-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202105-24" }, { "name": "DSA-4990", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4990" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35965", "datePublished": "2021-01-04T01:07:31", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-04T17:16:13.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-125025
Vulnerability from cvelistv5
Published
2022-06-19 06:10
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db | x_refsource_MISC | |
https://vuldb.com/?id.12303 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | FFmpeg |
Version: 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:56.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.12303" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FFmpeg", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "credits": [ { "lang": "en", "value": "Gynvael Coldwind/Mateusz Jurczyk" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-19T06:10:35", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.12303" } ], "title": "FFmpeg decode_pulses memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2014-125025", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "FFmpeg decode_pulses memory corruption" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FFmpeg", "version": { "version_data": [ { "version_value": "2.0" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Gynvael Coldwind/Mateusz Jurczyk", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9db", "refsource": "MISC", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9db" }, { "name": "https://vuldb.com/?id.12303", "refsource": "MISC", "url": "https://vuldb.com/?id.12303" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2014-125025", "datePublished": "2022-06-19T06:10:35", "dateReserved": "2022-06-18T00:00:00", "dateUpdated": "2024-08-06T14:10:56.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22039
Vulnerability from cvelistv5
Published
2021-06-01 19:30
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8302 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:09.418Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8302" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-01T19:30:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8302" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8302", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8302" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22039", "datePublished": "2021-06-01T19:30:09", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:09.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2790
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2837d8dc276760db1821b81df3f794a90bfa56e6 | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.8.4.changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.7.7.changelog | x_refsource_CONFIRM | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/51257 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2837d8dc276760db1821b81df3f794a90bfa56e6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the \"number of decoded samples in first sub-block in BGMC mode.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2837d8dc276760db1821b81df3f794a90bfa56e6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2790", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the \"number of decoded samples in first sub-block in BGMC mode.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2837d8dc276760db1821b81df3f794a90bfa56e6", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2837d8dc276760db1821b81df3f794a90bfa56e6" }, { "name": "http://libav.org/releases/libav-0.8.4.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.4.changelog" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "MDVSA-2013:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "http://libav.org/releases/libav-0.7.7.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" }, { "name": "51257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51257" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2790", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:42:32.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3675
Vulnerability from cvelistv5
Published
2013-06-10 01:00
Modified
2024-09-16 17:42
Severity ?
EPSS score ?
Summary
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=524d0d2cfc7bab1b348f85e7c0369859e63781cf | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915 | x_refsource_CONFIRM | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=524d0d2cfc7bab1b348f85e7c0369859e63781cf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-10T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=524d0d2cfc7bab1b348f85e7c0369859e63781cf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3675", "datePublished": "2013-06-10T01:00:00Z", "dateReserved": "2013-05-24T00:00:00Z", "dateUpdated": "2024-09-16T17:42:57.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2791
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/09/02/4 | mailing-list, x_refsource_MLIST | |
http://libav.org/releases/libav-0.8.5.changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/55355 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2012/08/31/3 | mailing-list, x_refsource_MLIST | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://libav.org/releases/libav-0.7.7.changelog | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0846719dd11ab3f7a7caee13e7af71f71d913389 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1705-1 | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/50468 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.8.5.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0846719dd11ab3f7a7caee13e7af71f71d913389" }, { "name": "USN-1705-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1705-1" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50468" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the \"transform size.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-07T10:00:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.8.5.changelog" }, { "name": "55355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55355" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0846719dd11ab3f7a7caee13e7af71f71d913389" }, { "name": "USN-1705-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1705-1" }, { "name": "50468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50468" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2012-2791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the \"transform size.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" }, { "name": "http://libav.org/releases/libav-0.8.5.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.8.5.changelog" }, { "name": "55355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55355" }, { "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "http://libav.org/releases/libav-0.7.7.changelog", "refsource": "CONFIRM", "url": "http://libav.org/releases/libav-0.7.7.changelog" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0846719dd11ab3f7a7caee13e7af71f71d913389", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0846719dd11ab3f7a7caee13e7af71f71d913389" }, { "name": "USN-1705-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1705-1" }, { "name": "50468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50468" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2791", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:42:32.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0857
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2013/dsa-2793 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2fbb37b51bbea891392ad357baf8f3dff00bac05 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2793", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2793" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2fbb37b51bbea891392ad357baf8f3dff00bac05" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T14:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "DSA-2793", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2793" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=2fbb37b51bbea891392ad357baf8f3dff00bac05" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2013-0857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2793", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2793" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-0857", "datePublished": "2013-12-07T21:00:00", "dateReserved": "2013-01-07T00:00:00", "dateUpdated": "2024-08-06T14:41:47.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15672
Vulnerability from cvelistv5
Published
2017-11-06 17:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101690 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c20f4fcb74da2d0432c7b54499bb98f48236b904 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2017/11/03/4 | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2017/dsa-4049 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101690" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c20f4fcb74da2d0432c7b54499bb98f48236b904" }, { "name": "[oss-security] 20171103 [CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/11/03/4" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-4049", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4049" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-04T17:48:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "101690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101690" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c20f4fcb74da2d0432c7b54499bb98f48236b904" }, { "name": "[oss-security] 20171103 [CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/11/03/4" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-4049", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4049" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15672", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "101690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101690" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904" }, { "name": "[oss-security] 20171103 [CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/11/03/4" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-4049", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4049" }, { "name": "https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15672", "datePublished": "2017-11-06T17:00:00", "dateReserved": "2017-10-20T00:00:00", "dateUpdated": "2024-08-05T19:57:27.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3395
Vulnerability from cvelistv5
Published
2015-06-16 16:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.
References
▼ | URL | Tags |
---|---|---|
https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201705-08 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-2944-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2015/dsa-3288 | vendor-advisory, x_refsource_DEBIAN | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/74433 | vdb-entry, x_refsource_BID | |
https://www.ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:47:57.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4" }, { "name": "GLSA-201705-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201705-08" }, { "name": "USN-2944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "DSA-3288", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3288" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "74433", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74433" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.libav.org/?p=libav.git%3Ba=blob%3Bf=Changelog%3Bhb=refs/tags/v11.4" }, { "name": "GLSA-201705-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201705-08" }, { "name": "USN-2944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "DSA-3288", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3288" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=f7e1367f58263593e6cee3c282f7277d7ee9d553" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "74433", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74433" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4", "refsource": "CONFIRM", "url": "https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4" }, { "name": "GLSA-201705-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201705-08" }, { "name": "USN-2944-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2944-1" }, { "name": "DSA-3288", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3288" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" }, { "name": "74433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74433" }, { "name": "https://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "https://www.ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3395", "datePublished": "2015-06-16T16:00:00", "dateReserved": "2015-04-21T00:00:00", "dateUpdated": "2024-08-06T05:47:57.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7555
Vulnerability from cvelistv5
Published
2016-12-23 05:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/08/1 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/94838 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201701-71 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:04:55.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "94838", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94838" }, { "name": "GLSA-201701-71", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-71" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted \"strh\" structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "94838", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94838" }, { "name": "GLSA-201701-71", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-71" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted \"strh\" structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "94838", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94838" }, { "name": "GLSA-201701-71", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-71" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7555", "datePublished": "2016-12-23T05:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:04:55.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11339
Vulnerability from cvelistv5
Published
2019-04-18 23:52
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a | x_refsource_MISC | |
https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb | x_refsource_MISC | |
http://www.securityfocus.com/bid/108037 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3967-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:48:09.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb" }, { "name": "108037", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108037" }, { "name": "USN-3967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3967-1/" }, { "name": "openSUSE-SU-2020:0024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-14T00:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb" }, { "name": "108037", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108037" }, { "name": "USN-3967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3967-1/" }, { "name": "openSUSE-SU-2020:0024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a" }, { "name": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb" }, { "name": "108037", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108037" }, { "name": "USN-3967-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3967-1/" }, { "name": "openSUSE-SU-2020:0024", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11339", "datePublished": "2019-04-18T23:52:15", "dateReserved": "2019-04-18T00:00:00", "dateUpdated": "2024-08-04T22:48:09.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0851
Vulnerability from cvelistv5
Published
2013-12-07 21:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.
References
▼ | URL | Tags |
---|---|---|
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=63ac64864c6e0e84355aa3caa5b92208997a9a8d | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=63ac64864c6e0e84355aa3caa5b92208997a9a8d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-07T20:57:00", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=63ac64864c6e0e84355aa3caa5b92208997a9a8d" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2013-0851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-0851", "datePublished": "2013-12-07T21:00:00", "dateReserved": "2013-01-07T00:00:00", "dateUpdated": "2024-08-06T14:41:47.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4610
Vulnerability from cvelistv5
Published
2020-01-14 15:41
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
References
▼ | URL | Tags |
---|---|---|
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2014/06/26/23 | x_refsource_MISC | |
https://www.ffmpeg.org/security.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:20:26.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/23" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-14T15:41:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/23" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4610", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource": "MISC", "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" }, { "name": "http://www.openwall.com/lists/oss-security/2014/06/26/23", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/06/26/23" }, { "name": "https://www.ffmpeg.org/security.html", "refsource": "MISC", "url": "https://www.ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4610", "datePublished": "2020-01-14T15:41:04", "dateReserved": "2014-06-23T00:00:00", "dateUpdated": "2024-08-06T11:20:26.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14171
Vulnerability from cvelistv5
Published
2017-09-07 06:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.
References
▼ | URL | Tags |
---|---|---|
https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100706 | vdb-entry, x_refsource_BID | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2017/dsa-3996 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:41.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7" }, { "name": "100706", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100706" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-3996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3996" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large \"table_entries_used\" field in the header but does not contain sufficient backing data, is provided, the loop over \u0027table_entries_used\u0027 would consume huge CPU resources, since there is no EOF check inside the loop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-05T19:06:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7" }, { "name": "100706", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100706" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-3996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3996" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14171", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large \"table_entries_used\" field in the header but does not contain sufficient backing data, is provided, the loop over \u0027table_entries_used\u0027 would consume huge CPU resources, since there is no EOF check inside the loop." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7" }, { "name": "100706", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100706" }, { "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" }, { "name": "DSA-3996", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3996" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14171", "datePublished": "2017-09-07T06:00:00", "dateReserved": "2017-09-07T00:00:00", "dateUpdated": "2024-08-05T19:20:41.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6615
Vulnerability from cvelistv5
Published
2013-12-24 20:00
Modified
2024-09-16 17:09
Severity ?
EPSS score ?
Summary
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=20c121c00747d6c3b0b0f98deeff021171b2ed74 | x_refsource_CONFIRM | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM | |
https://trac.ffmpeg.org/ticket/2048 | x_refsource_CONFIRM | |
http://www.osvdb.org/89592 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/51964 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:01.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=20c121c00747d6c3b0b0f98deeff021171b2ed74" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/2048" }, { "name": "89592", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/89592" }, { "name": "51964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-24T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=20c121c00747d6c3b0b0f98deeff021171b2ed74" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.ffmpeg.org/ticket/2048" }, { "name": "89592", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/89592" }, { "name": "51964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51964" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6615", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" }, { "name": "https://trac.ffmpeg.org/ticket/2048", "refsource": "CONFIRM", "url": "https://trac.ffmpeg.org/ticket/2048" }, { "name": "89592", "refsource": "OSVDB", "url": "http://www.osvdb.org/89592" }, { "name": "51964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51964" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6615", "datePublished": "2013-12-24T20:00:00Z", "dateReserved": "2013-12-24T00:00:00Z", "dateUpdated": "2024-09-16T17:09:13.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7751
Vulnerability from cvelistv5
Published
2018-04-24 06:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103956 | vdb-entry, x_refsource_BID | |
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202003-65 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:58.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103956" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f" }, { "name": "GLSA-202003-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-65" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-30T16:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "103956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103956" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f" }, { "name": "GLSA-202003-65", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-65" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "103956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103956" }, { "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f", "refsource": "CONFIRM", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f" }, { "name": "GLSA-202003-65", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-65" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7751", "datePublished": "2018-04-24T06:00:00", "dateReserved": "2018-03-07T00:00:00", "dateUpdated": "2024-08-05T06:37:58.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38090
Vulnerability from cvelistv5
Published
2021-09-20 15:20
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8263 | x_refsource_MISC | |
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:09.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8263" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-20T15:20:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8263" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8263", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8263" }, { "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23", "refsource": "MISC", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38090", "datePublished": "2021-09-20T15:20:01", "dateReserved": "2021-08-04T00:00:00", "dateUpdated": "2024-08-04T01:30:09.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2098
Vulnerability from cvelistv5
Published
2014-03-02 02:00
Modified
2024-08-06 10:05
Severity ?
EPSS score ?
Summary
libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:05:59.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2098", "datePublished": "2014-03-02T02:00:00", "dateReserved": "2014-02-24T00:00:00", "dateUpdated": "2024-08-06T10:05:59.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22056
Vulnerability from cvelistv5
Published
2021-06-02 17:55
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8304 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:10.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8304" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-02T17:55:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8304" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8304", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8304" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22056", "datePublished": "2021-06-02T17:55:54", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:10.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8663
Vulnerability from cvelistv5
Published
2015-12-24 01:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1034539 | vdb-entry, x_refsource_SECTRACK | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html | vendor-advisory, x_refsource_SUSE | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abee0a1c60612e8638640a8a3738fffb65e16dbf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034539", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abee0a1c60612e8638640a8a3738fffb65e16dbf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-21T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1034539", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=abee0a1c60612e8638640a8a3738fffb65e16dbf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034539", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8663", "datePublished": "2015-12-24T01:00:00", "dateReserved": "2015-12-23T00:00:00", "dateUpdated": "2024-08-06T08:20:43.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7785
Vulnerability from cvelistv5
Published
2016-12-23 05:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/08/1 | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201701-71 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/94833 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:04:56.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "GLSA-201701-71", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-71" }, { "name": "94833", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94833" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "GLSA-201701-71", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-71" }, { "name": "94833", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94833" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" }, { "name": "GLSA-201701-71", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-71" }, { "name": "94833", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94833" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7785", "datePublished": "2016-12-23T05:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:04:56.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22048
Vulnerability from cvelistv5
Published
2021-06-02 15:40
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8303 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:10.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8303" }, { "name": "[debian-lts-announce] 20211114 [SECURITY] [DLA 2818-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-14T22:06:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8303" }, { "name": "[debian-lts-announce] 20211114 [SECURITY] [DLA 2818-1] ffmpeg security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8303", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8303" }, { "name": "[debian-lts-announce] 20211114 [SECURITY] [DLA 2818-1] ffmpeg security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22048", "datePublished": "2021-06-02T15:40:20", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:10.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0859
Vulnerability from cvelistv5
Published
2012-08-20 18:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1479-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.openwall.com/lists/oss-security/2012/02/14/4 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78925 | vdb-entry, x_refsource_XF | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 | x_refsource_CONFIRM | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1479-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "ffmpeg-renderline-code-exec(78925)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78925" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1479-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "ffmpeg-renderline-code-exec(78925)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78925" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0859", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1479-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "ffmpeg-renderline-code-exec(78925)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78925" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0859", "datePublished": "2012-08-20T18:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22040
Vulnerability from cvelistv5
Published
2021-06-01 19:18
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8283 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:10.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.ffmpeg.org/ticket/8283" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-01T19:18:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.ffmpeg.org/ticket/8283" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.ffmpeg.org/ticket/8283", "refsource": "MISC", "url": "https://trac.ffmpeg.org/ticket/8283" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22040", "datePublished": "2021-06-01T19:18:14", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:10.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8544
Vulnerability from cvelistv5
Published
2014-11-05 11:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2534-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5" }, { "name": "USN-2534-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2534-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5" }, { "name": "USN-2534-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2534-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5" }, { "name": "USN-2534-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2534-1" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8544", "datePublished": "2014-11-05T11:00:00", "dateReserved": "2014-10-30T00:00:00", "dateUpdated": "2024-08-06T13:18:48.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8662
Vulnerability from cvelistv5
Published
2015-12-24 01:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1034539 | vdb-entry, x_refsource_SECTRACK | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html | vendor-advisory, x_refsource_SUSE | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034539", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-21T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1034539", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8662", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034539", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034539" }, { "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" }, { "name": "openSUSE-SU-2016:0089", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8662", "datePublished": "2015-12-24T01:00:00", "dateReserved": "2015-12-23T00:00:00", "dateUpdated": "2024-08-06T08:20:43.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8546
Vulnerability from cvelistv5
Published
2014-11-05 11:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e7e5114c506957f40aafd794e06de1a7e341e9d5 | x_refsource_CONFIRM | |
http://www.ffmpeg.org/security.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201603-06 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e7e5114c506957f40aafd794e06de1a7e341e9d5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ffmpeg.org/security.html" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=e7e5114c506957f40aafd794e06de1a7e341e9d5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ffmpeg.org/security.html" }, { "name": "GLSA-201603-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8546", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5" }, { "name": "http://www.ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://www.ffmpeg.org/security.html" }, { "name": "GLSA-201603-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8546", "datePublished": "2014-11-05T11:00:00", "dateReserved": "2014-10-30T00:00:00", "dateUpdated": "2024-08-06T13:18:48.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0852
Vulnerability from cvelistv5
Published
2012-08-20 18:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1479-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.openwall.com/lists/oss-security/2012/02/14/4 | mailing-list, x_refsource_MLIST | |
https://ffmpeg.org/trac/ffmpeg/ticket/794 | x_refsource_CONFIRM | |
http://www.debian.org/security/2012/dsa-2494 | vendor-advisory, x_refsource_DEBIAN | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897 | x_refsource_CONFIRM | |
http://libav.org/ | x_refsource_CONFIRM | |
http://ffmpeg.org/security.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78932 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1479-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794" }, { "name": "DSA-2494", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2494" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://libav.org/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ffmpeg.org/security.html" }, { "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1479-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794" }, { "name": "DSA-2494", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2494" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=608708009f69ba4cecebf05120c696167494c897" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://libav.org/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ffmpeg.org/security.html" }, { "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1479-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1479-1" }, { "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" }, { "name": "https://ffmpeg.org/trac/ffmpeg/ticket/794", "refsource": "CONFIRM", "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794" }, { "name": "DSA-2494", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2494" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897" }, { "name": "http://libav.org/", "refsource": "CONFIRM", "url": "http://libav.org/" }, { "name": "http://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "http://ffmpeg.org/security.html" }, { "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0852", "datePublished": "2012-08-20T18:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14222
Vulnerability from cvelistv5
Published
2017-09-09 01:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100701 | vdb-entry, x_refsource_BID | |
https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3996 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:41.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100701" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382" }, { "name": "DSA-3996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3996" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large \"item_count\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "100701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100701" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382" }, { "name": "DSA-3996", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3996" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large \"item_count\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "100701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100701" }, { "name": "https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382" }, { "name": "DSA-3996", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3996" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14222", "datePublished": "2017-09-09T01:00:00", "dateReserved": "2017-09-08T00:00:00", "dateUpdated": "2024-08-05T19:20:41.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38093
Vulnerability from cvelistv5
Published
2021-09-20 15:20
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
References
▼ | URL | Tags |
---|---|---|
https://trac.ffmpeg.org/ticket/8263 | x_refsource_MISC | |
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 | x_refsource_MISC |
Impa