Shodan
Vulnerabilities
Vulnerable Software
Ffmpeg:  >> Ffmpeg  >> 0.10.16  Security Vulnerabilities
CVE-2013-0853
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
CVSS Score
9.3
EPSS Score
0.007
Published
2013-12-07
CVE-2013-0854
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
CVSS Score
9.3
EPSS Score
0.009
Published
2013-12-07
CVE-2013-0855
Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.
CVSS Score
9.3
EPSS Score
0.012
Published
2013-12-07
CVE-2013-0856
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
CVSS Score
9.3
EPSS Score
0.005
Published
2013-12-07
CVE-2013-0857
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
CVSS Score
9.3
EPSS Score
0.007
Published
2013-12-07
CVE-2013-0858
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
CVSS Score
9.3
EPSS Score
0.012
Published
2013-12-07
CVE-2013-0860
The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.
CVSS Score
4.3
EPSS Score
0.009
Published
2013-11-23
CVE-2013-0861
The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout.
CVSS Score
5.0
EPSS Score
0.004
Published
2013-11-23
CVE-2013-0862
Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access.
CVSS Score
9.3
EPSS Score
0.009
Published
2013-11-23
CVE-2013-0863
Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data.
CVSS Score
9.3
EPSS Score
0.013
Published
2013-11-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved