Debian Ffmpeg vulnerabilities
508 known vulnerabilities affecting debian/ffmpeg.
Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213
Vulnerabilities
Page 12 of 26
CVE-2017-7206 | LOW | CVSS 7.1 | 2017
CVE-2017-7206 [HIGH] CVE-2017-7206: ffmpeg - The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote att...
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2017-7859 | LOW | CVSS 9.8 | 2017
CVE-2017-7859 [CRITICAL] CVE-2017-7859: ffmpeg - FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffe...
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2017-14222 | LOW | CVSS 6.5 | fixed in ffmpeg 7:3.3.4-1 (bookworm) | 2017
CVE-2017-14222 [MEDIUM] CVE-2017-14222: ffmpeg - In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF...
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check i
debian
CVE-2016-10190 | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.2-1 (bookworm) | 2016
CVE-2016-10190 [CRITICAL] CVE-2016-10190: ffmpeg - Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x ...
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.
Scope: local
bookworm: resolved (fixed in 7:3.2.2-1)
bullseye: resolved (fixed in 7:3.2.2-1)
forky: resolved (fixed in 7:3.2.2-1)
debian
CVE-2016-6164 | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.1.1-1 (bookworm) | 2016
CVE-2016-6164 [CRITICAL] CVE-2016-6164: ffmpeg - Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg ...
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
Scope: local
bookworm: resolved (fixed in 7:3.1.1-1)
bullseye: resolved (fixed in 7:3.1.1-1)
forky: resolved (fixed in 7:3.1.1-1)
sid: resolved (
debian
CVE-2016-10191 | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.2-1 (bookworm) | 2016
CVE-2016-10191 [CRITICAL] CVE-2016-10191: ffmpeg - Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0...
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
Scope: local
bookworm: resolved (fixed in 7:3.2.2-1)
bullseye: resolved (fixed in 7:3.2.2-1)
forky: resolved (f
debian
CVE-2016-10192 | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:3.2.2-1 (bookworm) | 2016
CVE-2016-10192 [CRITICAL] CVE-2016-10192: ffmpeg - Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3...
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
Scope: local
bookworm: resolved (fixed in 7:3.2.2-1)
bullseye: resolved (fixed in 7:3.2.2-1)
forky: resolved (fixed in 7:3.2.2-1)
sid: resolved
debian
CVE-2016-7502 | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
CVE-2016-7502 [HIGH] CVE-2016-7502: ffmpeg - The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is ...
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1.4-1)
debian
CVE-2016-7450 | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
CVE-2016-7450 [HIGH] CVE-2016-7450: ffmpeg - The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vu...
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1.4-1)
debian
CVE-2016-6920 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:3.1.3-1 (bookworm) | 2016
CVE-2016-6920 [HIGH] CVE-2016-6920: ffmpeg - Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in F...
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.
Scope: local
bookworm: resolved (fixed in 7:3.1.3-1)
bullseye: resolved (fixed in 7:3.1.3-1)
forky: resolved (fixed in 7:3.1.3-1)
sid: resolved (fixed in 7:3.1.3
debian
CVE-2016-2327 | HIGH | CVSS 8.8 | fixed in ffmpeg 2.8.5-1 (bookworm) | 2016
CVE-2016-2327 [HIGH] CVE-2016-2327: ffmpeg - libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain ...
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.
Scope: local
bookworm: resolved (fixed in 2.8.5-1)
bullsey
debian
CVE-2016-3062 | HIGH | CVSS 8.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2016
CVE-2016-3062 [HIGH] CVE-2016-3062: ffmpeg - The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg ...
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1)
bullseye: resolved (fixed in 7:2.4.1-1)
forky: resolved (fixed in 7:2.4.1-1
debian
CVE-2016-2326 | HIGH | CVSS 8.8 | fixed in ffmpeg 2.8.5-1 (bookworm) | 2016
CVE-2016-2326 [HIGH] CVE-2016-2326: ffmpeg - Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFm...
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.
Scope: local
bookworm: resolved (fixed in 2.8.5-1)
bullseye: resolved (fixed in 2.8.5-1)
forky: resolved (fixe
debian
CVE-2016-5199 | HIGH | CVSS 8.8 | fixed in ffmpeg 7:3.2-1 (bookworm) | 2016
CVE-2016-5199 [HIGH] CVE-2016-5199: ffmpeg - An off by one error resulting in an allocation of zero size in FFmpeg in Google ...
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Scope: local
bookworm: resolved (fixed in 7:3.2-1)
bullseye: resolved (fix
debian
CVE-2016-2328 | HIGH | CVSS 8.8 | fixed in ffmpeg 2.8.6-1 (bookworm) | 2016
CVE-2016-2328 [HIGH] CVE-2016-2328: ffmpeg - libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain h...
libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.
Scope: local
bookworm: resolved (fixed in
debian
CVE-2016-6671 | HIGH | CVSS 7.8 | fixed in ffmpeg 7:3.1.2-1 (bookworm) | 2016
CVE-2016-6671 [HIGH] CVE-2016-6671: ffmpeg - The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows rem...
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
Scope: local
bookworm: resolved (fixed in 7:3.1.2-1)
bullseye: resolved (fixed in 7:3.1.2-1)
forky: resolved (fixed in 7:3.1.2-1)
sid: resolved (fixed in 7:3.1.2-1)
trixie: resol
debian
CVE-2016-2330 | HIGH | CVSS 8.8 | fixed in ffmpeg 2.8.6-1 (bookworm) | 2016
CVE-2016-2330 [HIGH] CVE-2016-2330: ffmpeg - libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer siz...
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.
Scope: local
bookworm: resolved (fixed in 2.8.
debian
CVE-2016-2329 | HIGH | CVSS 8.8 | fixed in ffmpeg 2.8.6-1 (bookworm) | 2016
CVE-2016-2329 [HIGH] CVE-2016-2329: ffmpeg - libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip...
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.
Scope: local
bookworm: res
debian
CVE-2016-1897 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:2.8.5-1 (bookworm) | 2016
CVE-2016-1897 [MEDIUM] CVE-2016-1897: ffmpeg - FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbi...
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
Scope: local
bookworm: resolved (fixed in 7:2.8.5-1)
bullseye: resolved (fixed in 7:2.8.5-1)
forky: reso
debian
CVE-2016-1898 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:2.8.5-1 (bookworm) | 2016
CVE-2016-1898 [MEDIUM] CVE-2016-1898: ffmpeg - FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbi...
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
Scope: local
bookworm: resolved (fixed in 7:2.8.5-1)
bullseye: resolved (fixed in 7:2.8.5-1)
forky:
debian