Debian Ffmpeg vulnerabilities

CVE-2017-5024 [MEDIUM] CVE-2017-5024: ffmpeg - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed... FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Scope: local bookworm: resolved (fixed in 7:3.2.4-1) bullseye: resolved (fixed in 7:3.2.4-1) forky: resolved (fixed in 7:3.2.4-1) sid: resolved (fixed in 7:

CVE-2017-1000460 [MEDIUM] CVE-2017-1000460: ffmpeg - In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 p... In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. Scope: local bookworm: resolved (fixed in 7:3.1.1-1) bullseye: resolved (fixed in 7:3.1.1-1) forky: resolved (

CVE-2017-15186 [MEDIUM] CVE-2017-15186: ffmpeg - Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to... Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. Scope: local bookworm: resolved (fixed in 7:3.4-1) bullseye: resolved (fixed in 7:3.4-1) forky: resolved (fixed in 7:3.4-1) sid: resolved (fixed in 7:3.4-1) trixie: resolved (fixed in 7:3.4-1)

CVE-2017-17081 [MEDIUM] CVE-2017-17081: ffmpeg - The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does... The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. Scope: local bookworm: resolved (fixed in 7:3.4.1-1) bullseye: resolved (fixed in 7:3.4.1-1) forky: resolved (f

CVE-2017-5025 [MEDIUM] CVE-2017-5025: ffmpeg - FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed... FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Scope: local bookworm: resolved (fixed in 7:3.2.4-1) bullseye: resolved (fixed in 7:3.2.4-1) forky: resolved (fixed in 7:3.2.4-1) sid: resolved (fixed in 7:

CVE-2017-14056 [MEDIUM] CVE-2017-14056: ffmpeg - In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of ... In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory res

CVE-2017-14057 [MEDIUM] CVE-2017-14057: ffmpeg - In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) ... In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since th

CVE-2017-9995 [HIGH] CVE-2017-9995: ffmpeg - libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height a... libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-14223 [MEDIUM] CVE-2017-14223: ffmpeg - In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due... In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF che

CVE-2017-14170 [MEDIUM] CVE-2017-14170: ffmpeg - In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_ar... In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no

CVE-2017-14171 [MEDIUM] CVE-2017-14171: ffmpeg - In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header(... In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resou

CVE-2017-14225 [HIGH] CVE-2017-14225: ffmpeg - The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may ... The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dere

CVE-2017-14169 [HIGH] CVE-2017-14169: ffmpeg - In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> ... In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. Scope: local bookworm: resolved (fixed in 7:3.3.4-1) bullsey

CVE-2017-14058 [MEDIUM] CVE-2017-14058: ffmpeg - In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not re... In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). Scope: local bookworm: resolved (fixed in 7:3.3.4-1) bullseye: resolved (fixed in 7:3.3.4-1) forky: resolved (fixed in 7:3.3.4-1) sid: resolved (fixed in 7:3.3.4-

CVE-2017-9051 [CRITICAL] CVE-2017-9051: ffmpeg - libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer... libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. Scope: local bookworm: resolved (fixed in 7:2.6.1-1) bullseye: resolved (fixed in 7:2.6.1-1) forky: resolved (fixed in 7:2.6.1-1) sid: resolved (fixed in 7:2.6.1-1) trixie: resolved (fixed in 7:2.6.1-1)

CVE-2017-14055 [MEDIUM] CVE-2017-14055: ffmpeg - In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of... In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since th

CVE-2017-14054 [MEDIUM] CVE-2017-14054: ffmpeg - In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack o... In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside t

CVE-2017-5984 [MEDIUM] CVE-2017-5984: ffmpeg - In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based ... In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-14059 [MEDIUM] CVE-2017-14059: ffmpeg - In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might c... In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside th

CVE-2017-9990 [HIGH] CVE-2017-9990: ffmpeg - Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/x... Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved