flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
Max CVSS
6.8
EPSS Score
4.73%
Published
2010-09-30
Updated
2018-10-10
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.
Max CVSS
4.3
EPSS Score
2.68%
Published
2010-02-10
Updated
2011-10-26
The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.
Max CVSS
4.3
EPSS Score
1.04%
Published
2010-02-10
Updated
2011-10-26
Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Max CVSS
4.3
EPSS Score
1.43%
Published
2010-02-10
Updated
2010-05-04
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
Max CVSS
10.0
EPSS Score
20.63%
Published
2010-02-10
Updated
2010-05-20
FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.
Max CVSS
4.3
EPSS Score
0.99%
Published
2010-02-10
Updated
2011-10-26
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
5.14%
Published
2010-02-10
Updated
2011-10-26
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.
Max CVSS
10.0
EPSS Score
2.02%
Published
2010-02-10
Updated
2011-10-26
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
3.90%
Published
2010-02-10
Updated
2011-10-26
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.
Max CVSS
5.8
EPSS Score
0.95%
Published
2010-02-10
Updated
2011-10-26
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.
Max CVSS
9.3
EPSS Score
1.98%
Published
2010-02-10
Updated
2010-05-04
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!