Debian FFmpeg vulnerabilities
508 known vulnerabilities affecting debian/ffmpeg.
Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213
Vulnerabilities
CVE-2018-12458 [MEDIUM] | LOW | CVSS 6.5 | fixed in ffmpeg 7:3.4.3-1 (bookworm) | 2018
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
Scope: local
bookworm: resolved (fixed in 7:3.4.3-1)
bullseye: resolved (fixed in 7:3.4.3-1)
forky: resolved (fixed in 7:3.4.3-1)
sid: re

CVE-2018-15822 [HIGH] | LOW | CVSS 7.5 | fixed in ffmpeg 7:4.0.3-1 (bookworm) | 2018
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
Scope: local
bookworm: resolved (fixed in 7:4.0.3-1)
bullseye: resolved (fixed in 7:4.0.3-1)
forky: resolved (fixed in 7:4.0.3-1)
sid: resolved (fixed in 7:4.0.3-1)
trixie: resolved (fixed in 7:4.0.3-1)

CVE-2017-7865 [CRITICAL] | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.4-1 (bookworm) | 2017
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
Scope: local
bookworm: resolved (fixed in 7:3.2.4-1)
bullseye: resolved (fixed in 7:3.2.4-1)
forky: resolved (fixed in 7:3.

CVE-2017-7866 [CRITICAL] | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.4-1 (bookworm) | 2017
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
Scope: local
bookworm: resolved (fixed in 7:3.2.4-1)
bullseye: resolved (fixed in 7:3.2.4-1)
forky: resolved (fixed in 7:3.2.4-1)
sid: resolved (fixed in 7:3.2.4-1)
trixie: resolved (fixed in 7:3.2.4-1)

CVE-2017-16840 [CRITICAL] | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.4.1-1 (bookworm) | 2017
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
Scope: local
bookworm: resolved (fixed in 7:3.4.1-1)
bullseye: resolved (fixed in 7:3.4.1-1)
forky: resolved (fixed

CVE-2017-7863 [CRITICAL] | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.4-1 (bookworm) | 2017
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
Scope: local
bookworm: resolved (fixed in 7:3.2.4-1)
bullseye: resolved (fixed in 7:3.2.4-1)
forky: resolved (fixed in 7:3.2.4-1)
sid: resolved (fixed in 7:3.2.4-1)
trixie: resolved (fixed in 7:3.2.4-1)

CVE-2017-7862 [CRITICAL] | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.4-1 (bookworm) | 2017
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
Scope: local
bookworm: resolved (fixed in 7:3.2.4-1)
bullseye: resolved (fixed in 7:3.2.4-1)
forky: resolved (fixed in 7:3.2.4-1)
sid: resolved (fixed in 7:3.2.4-1)
trixie: resolved (fixed in 7:3.2.4-1)

CVE-2017-11399 [HIGH] | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.3.3-1 (bookworm) | 2017
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
Scope: local
bookworm: resolved (fixed in 7:3.3.3-1)
bullseye: resolved (fixed in 7:3.3.3-1)
forky: resol

CVE-2017-9991 [HIGH] | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.2.5-1 (bookworm) | 2017
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 7:3

CVE-2017-11684 [HIGH] | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.3.1-1 (bookworm) | 2017
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
Scope: local
bookworm: resolved (fixed in 7:2.3.1-1)
bullseye: resolved (fixed in 7:2.3.1-1)
forky: resolved (fixed in 7:2.3.1-1)
sid: resolved (fixed in 7:2.3.1-1)
trixie: resolved (fixed in 7:2.3.1-1)

CVE-2017-11719 [HIGH] | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.3.3-1 (bookworm) | 2017
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
Scope: local
bookworm: resolved (fixed in 7:3.3.3-1)
bullseye: resolved (fixed in 7:3.3.3-1)
forky: resolved (fixed in 7:3.3.3-1)
sid: resol

CVE-2017-9996 [HIGH] | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.2.5-1 (bookworm) | 2017
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted fil

CVE-2017-11665 [HIGH] | HIGH | CVSS 7.5 | fixed in ffmpeg 7:3.3.3-1 (bookworm) | 2017
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
Scope: local
bookworm: resolved (fixed in 7:3.3.3-1)
bullseye: resolved (fixed in 7:3.3.3-1)
forky: resolved (fixed in 7:3.3.3-1)
sid: resolved (fixed in 7:3.3.3-1)
tr

CVE-2017-15672 [HIGH] | HIGH | CVSS 8.8 | fixed in ffmpeg 7:3.4-1 (bookworm) | 2017
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 7:3.4-1)
bullseye: resolved (fixed in 7:3.4-1)
forky: resolved (fixed in 7:3.4-1)
sid: resolved (fixed in 7:3.4-1)
trixi

CVE-2017-9993 [HIGH] | HIGH | CVSS 7.5 | fixed in ffmpeg 7:3.2.6-1 (bookworm) | 2017
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
Scope: local
bookworm: resolved (fixed in 7:3.2.6-1)
bullseye: resolved (fixed in 7:3.2.6-1)
forky: resolved (fixed

CVE-2017-9994 [HIGH] | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.2.5-1 (bookworm) | 2017
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_

CVE-2017-16803 [HIGH] | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.2.1-1 (bookworm) | 2017
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
Scope: local
bookworm: resolved (fixed in 7:2.2.1-1)
bullseye: re

CVE-2017-14767 [HIGH] | HIGH | CVSS 8.8 | fixed in ffmpeg 7:3.3.4-1 (bookworm) | 2017
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
Scope: local
bookworm: resolved (fixed in 7:3.3.4-1)
bullseye: resolved (fixed in 7

CVE-2017-9992 [HIGH] | HIGH | CVSS 8.8 | fixed in ffmpeg 7:3.2.5-1 (bookworm) | 2017
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 7:3.2.5-1)

CVE-2017-9608 [MEDIUM] | MEDIUM | CVSS 6.5 | fixed in ffmpeg 7:3.3.3-1 (bookworm) | 2017
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
Scope: local
bookworm: resolved (fixed in 7:3.3.3-1)
bullseye: resolved (fixed in 7:3.3.3-1)
forky: resolved (fixed in 7:3.3.3-1)
sid: resolved (fixed in 7:3.3.3-1)
trixie: resolved (fixed in 7:3.3.3-