Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7502 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | |||||
| CVE-2016-7450 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | |||||
| CVE-2016-7122 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | |||||
| CVE-2016-6920 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | |||||
| CVE-2016-6881 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | |||||
| CVE-2016-6671 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | |||||
| CVE-2016-6164 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | |||||
| CVE-2016-3062 | 4 Debian, Ffmpeg, Libav and 1 more | 4 Debian Linux, Ffmpeg, Libav and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | |||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 3 Ffmpeg, Linux Kernel, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | |||||
| CVE-2016-2330 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. | |||||
| CVE-2016-2329 | 2 Ffmpeg, Opensuse | 2 Ffmpeg, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. | |||||
| CVE-2016-2328 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. | |||||
| CVE-2016-2327 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. | |||||
| CVE-2016-2326 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. | |||||
| CVE-2016-2213 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | |||||
| CVE-2016-1898 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. | |||||
| CVE-2016-1897 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | |||||
| CVE-2016-10192 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | |||||
| CVE-2016-10191 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | |||||
| CVE-2016-10190 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | |||||