Debian Ffmpeg vulnerabilities

CVE-2014-125007 [MEDIUM] CVE-2014-125007: ffmpeg - A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by t... A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. Scope: local bookworm: resolved bullseye: resolved forky: re

CVE-2014-125025 [MEDIUM] CVE-2014-125025: ffmpeg - A vulnerability classified as problematic has been found in FFmpeg 2.0. This aff... A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-125016 [MEDIUM] CVE-2014-125016: ffmpeg - A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This ... A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved

CVE-2014-125003 [MEDIUM] CVE-2014-125003: ffmpeg - A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issu... A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolve

CVE-2014-2098 [MEDIUM] CVE-2014-2098: ffmpeg - libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-struct... libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-125009 [MEDIUM] CVE-2014-125009: ffmpeg - A vulnerability classified as problematic has been found in FFmpeg 2.0. This aff... A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolv

CVE-2014-5271 [HIGH] CVE-2014-5271: ffmpeg - Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_... Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. Scope: local bookworm: resolved bullseye: resolved fo

CVE-2014-125022 [MEDIUM] CVE-2014-125022: ffmpeg - A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. ... A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. Scope: local bookworm: resolved bullseye: resolved forky: r

CVE-2013-0844 [CRITICAL] CVE-2013-0844: ffmpeg - Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFm... Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fix

CVE-2013-0868 [CRITICAL] CVE-2013-0868: ffmpeg - libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have a... libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases." Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4

CVE-2013-0858 [CRITICAL] CVE-2013-0858: ffmpeg - The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 al... The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed i

CVE-2013-0856 [CRITICAL] CVE-2013-0856: ffmpeg - The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows rem... The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in

CVE-2013-0854 [CRITICAL] CVE-2013-0854: ffmpeg - The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg... The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) trixie: resolved (fixed in 7:2.4

CVE-2013-0849 [CRITICAL] CVE-2013-0849: ffmpeg - The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 al... The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) s

CVE-2013-0873 [CRITICAL] CVE-2013-0873: ffmpeg - The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows r... The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) trixie

CVE-2013-0865 [CRITICAL] CVE-2013-0865: ffmpeg - The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 an... The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky

CVE-2013-0850 [CRITICAL] CVE-2013-0850: ffmpeg - The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allow... The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) tri

CVE-2013-0846 [CRITICAL] CVE-2013-0846: ffmpeg - Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c i... Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved

CVE-2013-0867 [CRITICAL] CVE-2013-0867: ffmpeg - The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 doe... The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolv

CVE-2013-0869 [CRITICAL] CVE-2013-0869: ffmpeg - The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote... The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed