Debian FFmpeg vulnerabilities

508 known vulnerabilities affecting debian/ffmpeg.

Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213

Vulnerabilities

CVE-2015-6820 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
[HIGH] ffmpeg - The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. Scope: local bookworm: resolv
debian
CVE-2015-8219 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.8.2-1 (bookworm) | 2015
[HIGH] ffmpeg - The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. Scope: local bookworm: resolved (fixed in 7:2.8.2-1) bull
debian
CVE-2015-6826 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
[HIGH] ffmpeg - The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. Scope: local bookworm: resolved (fixed in 7:2.7.2-1) bullsey
debian
CVE-2015-6818 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
[HIGH] ffmpeg - The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. Scope: local bookworm: resolv
debian
CVE-2015-6822 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.7.2-1 (bookworm) | 2015
[HIGH] ffmpeg - The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. Scope: local bookworm: resolved (fixe
debian
CVE-2015-8217 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.8.2-1 (bookworm) | 2015
[HIGH] ffmpeg - The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. Scope: local bookworm: resolved (fixed in 7:2.8.2-1) bullseye:
debian
CVE-2015-8663 | HIGH | CVSS 8.3 | fixed in ffmpeg 7:2.8.4-1 (bookworm) | 2015
[HIGH] ffmpeg - The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. Scope: local bookworm: resolved (fixed in 7:2.8.4-1) bullseye: resolved (fixed in 7:2.8.4-1)
debian
CVE-2015-1872 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.5.4-1 (bookworm) | 2015
[MEDIUM] ffmpeg - The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. Scope: local bookworm: resolved (fixed in 7:2.5.
debian
CVE-2015-8364 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.8.3-1 (bookworm) | 2015
[MEDIUM] ffmpeg - Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. Scope: local bookworm: resolved (fixe
debian
CVE-2015-3395 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.6.2-1 (bookworm) | 2015
[MEDIUM] ffmpeg - The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. Scope: local bookworm: reso
debian
CVE-2015-1207 | MEDIUM | CVSS 6.5 | fixed in ffmpeg 7:2.6.1-1 (bookworm) | 2015
[MEDIUM] ffmpeg - Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. Scope: local bookworm: resolved (fixed in 7:2.6.1-1) bullseye: resolved (fixed in 7:2.6.1-1) forky: resolved (fixed in 7:2.6.1-1) sid: resolved (fixed in 7:2.6.1-1) trixie: re
debian
CVE-2015-8365 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.8.3-1 (bookworm) | 2015
[MEDIUM] ffmpeg - The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. Scope: local
debian
CVE-2015-8218 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.8.2-1 (bookworm) | 2015
[MEDIUM] ffmpeg - The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. Scope: local bookworm: resolved (fixed in 7:2.8.2-1) bullseye: resolved (fixed in 7:2.8.2-1)
debian
CVE-2015-3417 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.6.1-1 (bookworm) | 2015
[MEDIUM] ffmpeg - Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. Scope: local bookworm: resolved (fixed in 7:2.6.1-1) bull
debian
CVE-2015-1208 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:2.5.3-1 (bookworm) | 2015
[MEDIUM] ffmpeg - Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. Scope: local bookworm: resolved (fixed in 7:2.5.3-1) bullseye: resolved (fixed in 7:2.5.3-1) forky: resolved (fixed in 7:2.5.3-1) sid: resolved (fixed in 7:2.5.3-1)
debian
CVE-2015-6761 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.8.1-1 (bookworm) | 2015
[MEDIUM] ffmpeg - The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted W
debian
CVE-2015-8363 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.8.3-1 (bookworm) | 2015
[MEDIUM] ffmpeg - The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two
debian
CVE-2015-5479 | LOW | CVSS 6.5 | 2015
[MEDIUM] ffmpeg - The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2014-9602 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.5.1-1 (bookworm) | 2014
[HIGH] ffmpeg - libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data. Scope: local bookworm: resolved (fixed in 7:2.5.1-1) bul
debian
CVE-2014-9316 | HIGH | CVSS 7.5 | fixed in ffmpeg 2.4.4-1 (bookworm) | 2014
[HIGH] ffmpeg - The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file. Scope: local bookworm: resolved (fixed in 2.4.4-1) bullseye: resolved (fi
debian