Debian Ffmpeg vulnerabilities

508 known vulnerabilities affecting debian/ffmpeg.

Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213

Vulnerabilities

Page 18 of 26
CVE-2013-0848 | CRITICAL | CVSS 9.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[CRITICAL] ffmpeg: The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1)
debian
CVE-2013-2496 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[HIGH] ffmpeg: The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
Scope: local; bookworm: resolved (fixed in 7:2.4.
debian
CVE-2013-2277 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[HIGH] ffmpeg: The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.
Scope: local; bookworm: reso
debian
CVE-2013-2495 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[HIGH] ffmpeg: The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified ot
debian
CVE-2013-0894 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[HIGH] ffmpeg: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or po
debian
CVE-2013-3670 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that w
debian
CVE-2013-3672 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.
Scope: local; bookworm: resolved (fixed i
debian
CVE-2013-7010 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fix
debian
CVE-2013-7011 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky:
debian
CVE-2013-7015 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved
debian
CVE-2013-7009 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:
debian
CVE-2013-7020 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (f
debian
CVE-2013-0860 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2013
[MEDIUM] ffmpeg: The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.
Scope: local; bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolve
debian
CVE-2013-0877 | LOW | CVSS 9.3 | 2013
[CRITICAL] ffmpeg: The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-4265 | LOW | CVSS 10.0 | 2013
[CRITICAL] ffmpeg: The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-4358 | LOW | CVSS 5.0 | 2013
[MEDIUM] ffmpeg: libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-7016 | LOW | CVSS 6.8 | 2013
[MEDIUM] ffmpeg: The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resol
debian
CVE-2013-7008 | LOW | CVSS 6.8 | 2013
[MEDIUM] ffmpeg: The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-0862 | LOW | CVSS 9.3 | 2013
[CRITICAL] ffmpeg: Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-7021 | LOW | CVSS 6.8 | 2013
[MEDIUM] ffmpeg: The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
Debian Ffmpeg vulnerabilities | cvebase