Shodan
Vulnerabilities
Vulnerable Software
Ffmpeg:  >> Ffmpeg  >> 0.5.4  Security Vulnerabilities
CVE-2011-3504
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
CVSS Score
9.3
EPSS Score
0.037
Published
2011-09-29
CVE-2011-1931
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
CVSS Score
6.8
EPSS Score
0.023
Published
2011-07-07
CVE-2011-2162
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
CVSS Score
10.0
EPSS Score
0.01
Published
2011-05-20
CVE-2011-0723
FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.
CVSS Score
6.8
EPSS Score
0.01
Published
2011-05-20
CVE-2010-4704
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
CVSS Score
4.3
EPSS Score
0.041
Published
2011-01-22
CVE-2010-3429
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
CVSS Score
6.8
EPSS Score
0.05
Published
2010-09-30
CVE-2009-0385
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
CVSS Score
9.3
EPSS Score
0.116
Published
2009-02-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved