Debian Ffmpeg vulnerabilities

CVE-2011-3950 [MEDIUM] CVE-2011-3950: ffmpeg - The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.... The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2011-1931 [MEDIUM] CVE-2011-1931: ffmpeg - sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 ... sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via

CVE-2011-3937 [CRITICAL] CVE-2011-3937: ffmpeg - The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x befo... The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." Scope: local bookworm: resolved bullseye: res

CVE-2011-3935 [MEDIUM] CVE-2011-3935: ffmpeg - The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote at... The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2011-1196 [HIGH] CVE-2011-1196: ffmpeg - The OGG container implementation in Google Chrome before 10.0.648.127 allows rem... The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2010-3429 [MEDIUM] CVE-2010-3429: ffmpeg - flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and othe... flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." Scope: local bookworm: resolved (fixed in 4:0.5.2-6) bullseye: resolved (fixed in 4:0.5.2-6) forky: resolved (fixed in 4:0.5.2-6) sid: resolve

CVE-2010-3908 [MEDIUM] CVE-2010-3908: ffmpeg - FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attack... FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in

CVE-2010-4705 [CRITICAL] CVE-2010-4705: ffmpeg - Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vo... Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie

CVE-2010-4704 [MEDIUM] CVE-2010-4704: ffmpeg - libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows... libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (f

CVE-2009-4631 [CRITICAL] CVE-2009-4631: ffmpeg - Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attacker... Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolved (fixed in 4:0.5+svn20090706-3) forky: resolved

CVE-2009-0385 [CRITICAL] CVE-2009-0385: ffmpeg - Integer signedness error in the fourxm_read_header function in libavformat/4xm.c... Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Scope: local bookworm: resolved (fixed in 0.svn20080206-16) bullseye: resolved (fixed in 0.svn200

CVE-2009-4633 [CRITICAL] CVE-2009-4633: ffmpeg - vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operato... vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolve

CVE-2009-4637 [CRITICAL] CVE-2009-4637: ffmpeg - FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and poss... FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolved (fixed in 4:0.5+svn20090706-3) forky: resolved (fixed in 4:0.5+svn20090706-3) sid: resolved (fixed in 4:0.5+svn20

CVE-2009-4635 [CRITICAL] CVE-2009-4635: ffmpeg - FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly exe... FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. Scope: local bookw

CVE-2009-4634 [CRITICAL] CVE-2009-4634: ffmpeg - Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a deni... Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that cre

CVE-2009-4632 [MEDIUM] CVE-2009-4632: ffmpeg - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithme... oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolved (fixed in 4:0.5+svn20090706-3) forky: resolve

CVE-2009-4636 [MEDIUM] CVE-2009-4636: ffmpeg - FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a cra... FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolved (fixed in 4:0.5+svn20090706-3) forky: resolved (fixed in 4:0.5+svn20090706-3) sid: resolved (fixed in 4:0.5+svn20090706-3) trixie: resolved (fixed in 4:0.5+svn200907

CVE-2009-4640 [MEDIUM] CVE-2009-4640: ffmpeg - Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause... Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolved (fixed in 4:0.5+svn20090706-3) forky: resolved (fixed in 4:0.5+svn20090706-3) sid: reso

CVE-2009-4638 [MEDIUM] CVE-2009-4638: ffmpeg - Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of serv... Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Scope: local bookworm: resolved (fixed in 4:0.5+svn20090706-3) bullseye: resolved (fixed in 4:0.5+svn20090706-3) forky: resolved (fixed in 4:0.5+svn20090706-3) sid: resolved (fixed in 4:0.5+svn20090706-3) trixie: resolve

CVE-2009-4639 [MEDIUM] CVE-2009-4639: ffmpeg - The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attac... The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fixed in 7:2.4.1-1) sid: resolved (fixed in 7:2.4.1-1) trixie: resolved (fix