Debian FFmpeg vulnerabilities

508 known vulnerabilities affecting debian/ffmpeg.

Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213

Vulnerabilities

Page 23 of 26
CVE-2012-2799 | LOW | CVSS 10.0 | 2012 | debian
CVE-2012-2799 [CRITICAL] ffmpeg - Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-2795 | LOW | CVSS 10.0 | 2012 | debian
CVE-2012-2795 [CRITICAL] ffmpeg - Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-2802 | LOW | CVSS 10.0 | 2012 | debian
CVE-2012-2802 [CRITICAL] ffmpeg - Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-0856 | LOW | CVSS 2.6 | 2012 | debian
CVE-2012-0856 [LOW] ffmpeg - Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error.
Scope: local
bookworm: resolved; bullseye: resolved; forky: res
CVE-2012-2787 | LOW | CVSS 10.0 | 2012 | debian
CVE-2012-2787 [CRITICAL] ffmpeg - Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-6617 | LOW | CVSS 4.3 | 2012 | debian
CVE-2012-6617 [MEDIUM] ffmpeg - The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-6616 | LOW | CVSS 5.0 | 2012 | debian
CVE-2012-6616 [MEDIUM] ffmpeg - The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-2796 | LOW | CVSS 10.0 | 2012 | debian
CVE-2012-2796 [CRITICAL] ffmpeg - Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie:
CVE-2012-2792 | LOW | CVSS 10.0 | 2012 | debian
CVE-2012-2792 [CRITICAL] ffmpeg - Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2011-3504 | CRITICAL | CVSS 9.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3504 [CRITICAL] ffmpeg - The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fixed in 7:2.4.1-1); trixie: resolved (fixed in 7:2.4.1-1)
CVE-2011-0480 | CRITICAL | CVSS 9.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-0480 [CRITICAL] ffmpeg - Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2)
CVE-2011-2162 | CRITICAL | CVSS 10.0 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-2162 [CRITICAL] ffmpeg - Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
Scope: local
bookworm
CVE-2011-3892 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3892 [HIGH] ffmpeg - Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fixed in 7:2.4.1-1); trix
CVE-2011-3895 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3895 [HIGH] ffmpeg - Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fixed in 7:2.4.1-1); tri
CVE-2011-4351 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-4351 [HIGH] ffmpeg - Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fixed in 7:2.4.1-1); trixie: resolved (fixed in 7
CVE-2011-3941 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3941 [HIGH] ffmpeg - The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fi
CVE-2011-3940 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3940 [MEDIUM] ffmpeg - nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
Scope: local
bookworm: resolved (fixed in
CVE-2011-0723 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-0723 [MEDIUM] ffmpeg - FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bullseye: resolved (fixed in 7:2.4.1-1); forky: resolved (fixed in 7:2.4.1-1); sid: resolved (fixed in 7:2.4.1-1); trixie: resolved
CVE-2011-3974 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3974 [MEDIUM] ffmpeg - Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.
Scope: local
bookwo
CVE-2011-3936 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011 | debian
CVE-2011-3936 [MEDIUM] ffmpeg - The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1); bul