Debian FFmpeg vulnerabilities

508 known vulnerabilities affecting debian/ffmpeg.

Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213

Vulnerabilities

CVE-2011-3973 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3973 [MEDIUM] ffmpeg: cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-336
debian
CVE-2011-3929 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3929 [MEDIUM] ffmpeg: The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file. Scope:
debian
CVE-2011-3944 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3944 [MEDIUM] ffmpeg: The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) trixie: resolved (fixed in 7:2.4.1-1)
debian
CVE-2011-2160 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-2160 [MEDIUM] ffmpeg: The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (f
debian
CVE-2011-3952 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3952 [MEDIUM] ffmpeg: The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. Scope: local bookworm: resolved (fixed in 7:
debian
CVE-2011-4353 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-4353 [MEDIUM] ffmpeg: The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. Scope:
debian
CVE-2011-3893 | MEDIUM | CVSS 5.0 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3893 [MEDIUM] ffmpeg: Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) tr
debian
CVE-2011-2161 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-2161 [MEDIUM] ffmpeg: The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixe
debian
CVE-2011-3947 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3947 [MEDIUM] ffmpeg: Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. Scope: local bookworm: resolved (fixed in 7:2.4
debian
CVE-2011-4579 | MEDIUM | CVSS 4.3 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-4579 [MEDIUM] ffmpeg: The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions
debian
CVE-2011-3362 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3362 [MEDIUM] ffmpeg: Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file. Scope: local bookworm: resol
debian
CVE-2011-3951 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3951 [MEDIUM] ffmpeg: The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file. Scope: local bookworm: resolved (fixed in
debian
CVE-2011-0722 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-0722 [MEDIUM] ffmpeg: FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolve
debian
CVE-2011-4364 | MEDIUM | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-4364 [MEDIUM] ffmpeg: Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted st
debian
CVE-2011-3945 | LOW | CVSS 6.8 | 2011
CVE-2011-3945 [MEDIUM] ffmpeg: The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. Scope: local bookworm:
debian
CVE-2011-4352 | LOW | CVSS 6.8 | 2011
CVE-2011-4352 [MEDIUM] ffmpeg: Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP
debian
CVE-2011-3946 | LOW | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3946 [MEDIUM] ffmpeg: The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolve
debian
CVE-2011-3949 | LOW | CVSS 6.8 | 2011
CVE-2011-3949 [MEDIUM] ffmpeg: The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2011-4031 | LOW | CVSS 6.8 | 2011
CVE-2011-4031 [MEDIUM] ffmpeg: Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2011-3934 | LOW | CVSS 6.8 | fixed in ffmpeg 7:2.4.1-1 (bookworm) | 2011
CVE-2011-3934 [MEDIUM] ffmpeg: Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) trixie: resolved (
debian