Debian FFmpeg vulnerabilities
508 known vulnerabilities affecting debian/ffmpeg.
Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213
Vulnerabilities
Page 13 of 26
CVE-2016-7393 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:2.4-1 (bookworm) | 2016
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Scope: local
bookworm: resolved (fixed in 7:2.4-1)
bullseye: resolved (fixed in 7:2.4-1)
forky: resolved (fixed in 7:2.4-1)
sid: resolved (fixed in 7:2.4-1)
trixie: resolved (fixed in 7
debian
CVE-2016-7555 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1.4-1
debian
CVE-2016-7562 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1
debian
CVE-2016-8595 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:3.1.5-1 (bookworm) | 2016
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
Scope: local
bookworm: resolved (fixed in 7:3.1.5-1)
bullseye: resolved (fixed in 7:3.1.5-1)
forky: resolved (fixed in 7:3.1.5-1)
sid: resolved (fixed in 7:3.1.5-1)
trixie: resolved (fixed in 7:3.1.5-1)
debian
CVE-2016-2213 | MEDIUM | CVSS 6.5 | fixed in ffmpeg 7:2.8.6-1 (bookworm) | 2016
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
Scope: local
bookworm: resolved (fixed in 7:2.8.6-1)
bullseye: resolved (fixed in 7:2.8.6-1)
forky: resolved (fixed in 7:2.8.6-1)
sid: resolved (fixed in 7:2.8.6-1)
trix
debian
CVE-2016-7122 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1.
debian
CVE-2016-7785 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1.4-1)
debian
CVE-2016-7905 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:3.1.4-1 (bookworm) | 2016
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
Scope: local
bookworm: resolved (fixed in 7:3.1.4-1)
bullseye: resolved (fixed in 7:3.1.4-1)
forky: resolved (fixed in 7:3.1.4-1)
sid: resolved (fixed in 7:3.1.4-1)
trixie: resolved (fixed in 7:3.1.
debian
CVE-2016-7424 | LOW | CVSS 5.5 | 2016
CVE-2016-7424 [MEDIUM] CVE-2016-7424: ffmpeg - The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and ...
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2016-8710 | LOW | CVSS 7.8 | 2016
CVE-2016-8710 [HIGH] CVE-2016-8710: ffmpeg - An exploitable heap write out of bounds vulnerability exists in the decoding of ...
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.
Scope: local
debian
CVE-2016-9561 | LOW | CVSS 5.5 | fixed in ffmpeg 7:3.2.4-1 (bookworm) | 2016
CVE-2016-9561 [MEDIUM] CVE-2016-9561: ffmpeg - The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2....
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.
Scope: local
bookworm: resolved (fixed in 7:3.2.4-1)
bullseye: resolved (fixed in 7:3.2.4-1)
forky: resolved (fixed in 7:3.2.4-1)
sid: resolved (fixed in
debian
CVE-2016-6881 | LOW | CVSS 5.5 | fixed in ffmpeg 7:3.1.3-1 (bookworm) | 2016
CVE-2016-6881 [MEDIUM] CVE-2016-6881: ffmpeg - The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows r...
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
Scope: local
bookworm: resolved (fixed in 7:3.1.3-1)
bullseye: resolved (fixed in 7:3.1.3-1)
forky: resolved (fixed in 7:3.1.3-1)
sid: resolved (fixed in 7:3.1.3-1)
trixie: resolved (fixed in 7:3.1.3-1)
debian
CVE-2015-8662 | HIGH | CVSS 7.3 | fixed in ffmpeg 7:2.8.4-1 (bookworm) | 2015
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
Scope: local
bookworm:
debian
CVE-2015-8661 | HIGH | CVSS 8.3 | fixed in ffmpeg 7:2.8.3-1 (bookworm) | 2015
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.
Scope: local
bookworm: resolved (fixed i
debian
CVE-2015-6821 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.
Scope: local
bookworm: resolved (fixed in 7:2.7.2-1)
bullseye: resolved (fixed in 7:2.7.2-1)
debian
CVE-2015-8216 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.8.2-1 (bookworm) | 2015
The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
Scope: local
bookworm: resolved (fixed in 7:2.8.2-1)
bullseye: resolved (fixed in 7:2.8.2-1)
fo
debian
CVE-2015-6823 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
Scope: local
bookworm: resolved (fixed in 7:2.7.2-1)
bullseye: resolved (fixe
debian
CVE-2015-6824 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.
Scope: local
bookworm: resolved (fixed in 7:2.7.2-1)
bullseye: resolved (fixed in 7:2.7.2-1)
f
debian
CVE-2015-6819 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
Scope: local
bookworm: resolved (fixed in 7:2.7.2-1)
bullseye: resolved (fixed in 7:2.7.2-1)
forky: resolved (
debian
CVE-2015-6825 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.
Scope: local
bookworm: resolved (fixed in 7:2.7.2-1)
bullse
debian