Search Results (499 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8662 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2015-8363 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.
CVE-2015-8219 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2015-8364 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.
CVE-2015-8663 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.
CVE-2014-8541 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
CVE-2015-8216 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
CVE-2015-8217 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.
CVE-2015-6825 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.
CVE-2015-6826 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
CVE-2015-8218 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
CVE-2015-6822 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.
CVE-2015-6820 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.
CVE-2014-8549 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
CVE-2015-6819 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
CVE-2015-6821 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.
CVE-2015-6823 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
CVE-2014-9319 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
CVE-2015-3417 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2025-04-12 N/A
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
CVE-2015-3395 3 Canonical, Ffmpeg, Libav 3 Ubuntu Linux, Ffmpeg, Libav 2025-04-12 N/A
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.