Debian FFmpeg vulnerabilities

508 known vulnerabilities affecting debian/ffmpeg.

Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213

Vulnerabilities

Page 22 of 26
CVE-2012-0947 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2012
CVE-2012-0947 [MEDIUM] ffmpeg: Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of th
debian
CVE-2012-0859 | MEDIUM | CVSS 5.0 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2012
CVE-2012-0859 [MEDIUM] ffmpeg: The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.
Scope: local bookworm: resolv
debian
CVE-2012-0857 | LOW | CVSS 5.0 | 2012
CVE-2012-0857 [MEDIUM] ffmpeg: Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcodec in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-2882 | LOW | CVSS 6.8 | 2012
CVE-2012-2882 [MEDIUM] ffmpeg: FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-2790 | LOW | CVSS 10.0 | 2012
CVE-2012-2790 [CRITICAL] ffmpeg: Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: re
debian
CVE-2012-2785 | LOW | CVSS 10.0 | 2012
CVE-2012-2785 [CRITICAL] ffmpeg: Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-0848 | LOW | CVSS 4.3 | 2012
CVE-2012-0848 [MEDIUM] ffmpeg: Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count."
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-2786 | LOW | CVSS 10.0 | 2012
CVE-2012-2786 [CRITICAL] ffmpeg: Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-0855 | LOW | CVSS 5.0 | 2012
CVE-2012-0855 [MEDIUM] ffmpeg: Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-2794 | LOW | CVSS 10.0 | 2012
CVE-2012-2794 [CRITICAL] ffmpeg: Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-0849 | LOW | CVSS 4.3 | 2012
CVE-2012-0849 [MEDIUM] ffmpeg: Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: reso
debian
CVE-2012-0847 | LOW | CVSS 4.3 | 2012
CVE-2012-0847 [MEDIUM] ffmpeg: Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-5144 | LOW | CVSS 10.0 | 2012
CVE-2012-5144 [CRITICAL] ffmpeg: Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
Scope: local bookworm: r
debian
CVE-2012-0854 | LOW | CVSS 5.0 | 2012
CVE-2012-0854 [MEDIUM] ffmpeg: The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixi
debian
CVE-2012-2774 | LOW | CVSS 5.0 | 2012
CVE-2012-2774 [MEDIUM] ffmpeg: The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state."
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-6618 | LOW | CVSS 2.6 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2012
CVE-2012-6618 [LOW] ffmpeg: The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed i
debian
CVE-2012-0850 | LOW | CVSS 4.3 | 2012
CVE-2012-0850 [MEDIUM] ffmpeg: The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-6615 | LOW | CVSS 4.3 | 2012
CVE-2012-6615 [MEDIUM] ffmpeg: The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-2789 | LOW | CVSS 10.0 | 2012
CVE-2012-2789 [CRITICAL] ffmpeg: Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2012-2793 | LOW | CVSS 10.0 | 2012
CVE-2012-2793 [CRITICAL] ffmpeg: Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."
Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian