VuXML ID | Description |
b2ff68b2-9f29-11db-a4e4-0211d87675b7 | mplayer -- buffer overflow in the code for RealMedia RTSP streams.
A potential buffer overflow was found in the code used to handle
RealMedia RTSP streams. When checking for matching asm rules, the code
stores the results in a fixed-size array, but no boundary checks are
performed. This may lead to a buffer overflow if the user is tricked
into connecting to a malicious server. Since the attacker cannot write
arbitrary data into the buffer, creating an exploit is very hard; but a
DoS attack is easily made.
A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006
UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c,
stream/realrtsp/asmrp.h and stream/realrtsp/real.c.
Discovery 2006-12-31 Entry 2007-01-08 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_1
ports/107217
CVE-2006-6172
http://www.mplayerhq.hu/design7/news.html
|
c7526a14-c4dc-11da-9699-00123ffe8333 | mplayer -- Multiple integer overflows
Secunia reports:
The vulnerabilities are caused due to integer overflow errors
in "libmpdemux/asfheader.c" within the handling of an ASF file,
and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in
an AVI file. This can be exploited to cause heap-based buffer
overflows via a malicious ASF file, or via an AVI file with
specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in
the "indx" chunk.
Discovery 2006-03-29 Entry 2006-04-07 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.7_12
CVE-2006-1502
http://www.xfocus.org/advisories/200603/11.html
http://secunia.com/advisories/19418/
|
7c5bd5b8-d652-11dd-a765-0030843d3802 | mplayer -- twinvq processing buffer overflow vulnerability
A trapkit reports:
MPlayer contains a stack buffer overflow vulnerability while
parsing malformed TwinVQ media files. The vulnerability may be
exploited by a (remote) attacker to execute arbitrary code in
the context of MPlayer.
Discovery 2008-12-14 Entry 2008-12-30 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk-esound
mplayer-gtk2
mplayer-gtk2-esound
< 0.99.11_9
CVE-2008-5616
http://secunia.com/advisories/33136/
http://trapkit.de/advisories/TKADV2008-014.txt
|
104beb63-af4d-11da-8414-0013d4a4a40e | mplayer -- heap overflow in the ASF demuxer
The Mplayer team reports:
A potential buffer overflow was found in the ASF demuxer.
Arbitrary remote code execution is possible (under the user ID
running the player) when streaming an ASF file from a malicious
server or local code execution (under the user ID running the
player) if a malicious ASF file is played locally.
Discovery 2006-02-15 Entry 2006-03-09 mplayer
mplayer-gtk
mplayer-esound
mplayer-gtk-esound
< 0.99.7_11
CVE-2006-0579
http://www.mplayerhq.hu/design7/news.html#vuln13
http://secunia.com/advisories/18718
http://bugs.gentoo.org/show_bug.cgi?id=122029
|
6ac79ed8-ccc2-11e5-932b-5404a68ad561 | ffmpeg -- remote denial of service in JPEG2000 decoder
FFmpeg security reports:
FFmpeg 2.8.6 fixes the following vulnerabilities:
CVE-2016-2213
Discovery 2016-01-27 Entry 2016-02-06 ffmpeg
< 2.8.6,1
mplayer
mencoder
< 1.2.r20151219_3
CVE-2016-2213
https://www.ffmpeg.org/security.html
|
5ccb1c14-e357-11dd-a765-0030843d3802 | mplayer -- vulnerability in STR files processor
Secunia reports:
The vulnerability is caused due to a boundary error within the
"str_read_packet()" function in libavformat/psxstr.c. This can be
exploited to cause a heap-based buffer overflow via a specially
crafted STR file.
Discovery 2008-07-09 Entry 2009-01-15 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk-esound
mplayer-gtk2
mplayer-gtk2-esound
< 0.99.11_10
CVE-2008-3162
30157
http://secunia.com/advisories/30994
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311
|
9ab3a22c-feb8-11e3-b938-5404a68ad561 | mplayer -- potential buffer overrun when processing malicious lzo compressed input
Michael Niedermayer and Luca Barbato report in upstream ffmpeg:
avutil/lzo: Fix integer overflow
Discovery 2014-06-24 Entry 2014-06-28 mplayer
< 1.1.r20140418_3
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
CVE-2014-4610
|
724e6f93-8f2a-11dd-821f-001cc0377035 | mplayer -- multiple integer overflows
The oCERT team reports:
The MPlayer multimedia player suffers from a vulnerability which
could result in arbitrary code execution and at the least, in
unexpected process termination. Three integer underflows located
in the Real demuxer code can be used to exploit a heap overflow,
a specific video file can be crafted in order to make the
stream_read function read or write arbitrary amounts of
memory.
Discovery 2008-09-30 Entry 2008-10-01 Modified 2008-10-02 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.11_7
CVE-2008-3827
http://www.ocert.org/advisories/ocert-2008-013.html
|
abeb9b64-ce50-11db-bc24-0016179b2dd5 | mplayer -- DMO File Parsing Buffer Overflow Vulnerability
Moritz Jodeit reports:
There's an exploitable buffer overflow in the current version
of MPlayer (v1.0rc1) which can be exploited with a maliciously
crafted video file. It is hidden in the DMO_VideoDecoder()
function of `loader/dmo/DMO_VideoDecoder.c' file.
Discovery 2007-02-11 Entry 2007-03-09 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_5
22771
CVE-2007-1246
|
3ac80dd2-14df-11dc-bcfc-0016179b2dd5 | mplayer -- cddb stack overflow
Mplayer Team reports:
A stack overflow was found in the code used to handle
cddb queries. When copying the album title and category,
no checking was performed on the size of the strings
before storing them in a fixed-size array. A malicious
entry in the database could trigger a stack overflow in
the program, leading to arbitrary code execution with the
uid of the user running MPlayer.
Discovery 2007-06-06 Entry 2007-06-07 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_10
24302
CVE-2007-2948
|
046fedd1-bd01-11e5-bbf4-5404a68ad561 | ffmpeg -- remote attacker can access local files
Arch Linux reports:
ffmpeg has a vulnerability in the current version that allows the
attacker to create a specially crafted video file, downloading which
will send files from a user PC to a remote attacker server. The
attack does not even require the user to open that file - for
example, KDE Dolphin thumbnail generation is enough.
Discovery 2016-01-13 Entry 2016-01-17 ffmpeg
gt 2.0,1 lt 2.8.5,1
mplayer
mencoder
< 1.2.r20151219_2
CVE-2016-1897
CVE-2016-1898
ports/206282
https://www.ffmpeg.org/security.html
|
de4d4110-ebce-11dc-ae14-0016179b2dd5 | mplayer -- multiple vulnerabilities
The Mplayer team reports:
A buffer overflow was found in the code used to extract album
titles from CDDB server answers. When parsing answers from the
CDDB server, the album title is copied into a fixed-size buffer
with insufficient size checks, which may cause a buffer overflow.
A malicious database entry could trigger a buffer overflow in the
program. That can lead to arbitrary code execution with the UID of
the user running MPlayer.
A buffer overflow was found in the code used to escape URL
strings. The code used to skip over IPv6 addresses can be tricked
into leaving a pointer to a temporary buffer with a non-NULL value;
this causes the unescape code to reuse the buffer, and may lead to
a buffer overflow if the old buffer is smaller than required.
A malicious URL string may be used to trigger a buffer overflow in
the program, that can lead to arbitrary code execution with the UID
of the user running MPlayer.
A buffer overflow was found in the code used to parse MOV file
headers. The code read some values from the file and used them as
indexes into an array allocated on the heap without performing any
boundary check. A malicious file may be used to trigger a buffer
overflow in the program. That can lead to arbitrary code execution
with the UID of the user running MPlayer.
Discovery 2008-02-05 Entry 2008-03-06 mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.11_2
CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
http://secunia.com/advisories/28779
|
4bae544d-06a3-4352-938c-b3bcbca89298 | ffmpeg -- multiple vulnerabilities
NVD reports:
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in
FFmpeg before 2.8.4 does not validate the number of
decomposition levels before proceeding with Discrete Wavelet
Transform decoding, which allows remote attackers to cause a
denial of service (out-of-bounds array access) or possibly
have unspecified other impact via crafted JPEG 2000
data.
The ff_get_buffer function in libavcodec/utils.c in
FFmpeg before 2.8.4 preserves width and height values after
a failure, which allows remote attackers to cause a denial
of service (out-of-bounds array access) or possibly have
unspecified other impact via a crafted .mov file.
Discovery 2015-12-20 Entry 2015-12-28 Modified 2018-03-25 libav
ge 0
gstreamer-ffmpeg
ge 0
handbrake
< 1.2.0
ffmpeg
ge 2.8,1 lt 2.8.4,1
< 2.7.4,1
ffmpeg26
< 2.6.6
ffmpeg25
< 2.5.9
ffmpeg24
< 2.4.12
ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0
ge 0
avidemux
avidemux2
avidemux26
le 2.6.11
kodi
< 16.0
mplayer
mencoder
< 1.2.r20151219_1
mythtv
mythtv-frontend
le 0.27.5,1
plexhometheater
ge 0
CVE-2015-8662
CVE-2015-8663
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
https://ffmpeg.org/security.html
|
80c66af0-d1c5-449e-bd31-63b12525ff88 | ffmpeg -- out-of-bounds array access
NVD reports:
The msrle_decode_pal4 function in msrledec.c in Libav
before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7,
2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6,
and 2.6.x before 2.6.2 allows remote attackers to have
unspecified impact via a crafted image, related to a pixel
pointer, which triggers an out-of-bounds array access.
Discovery 2015-04-12 Entry 2015-09-01 Modified 2018-03-25 libav
ge 11.0 lt 11.4
< 10.7
gstreamer1-libav
< 1.5.1
handbrake
< 1.2.0
ffmpeg
ge 2.2.0,1 lt 2.2.15,1
< 2.0.7,1
ffmpeg26
< 2.6.2
ffmpeg25
< 2.5.6
ffmpeg24
< 2.4.8
ffmpeg23
ge 0
ffmpeg1
ge 0
avidemux
avidemux26
< 2.6.11
kodi
< 15.1
mplayer
mencoder
< 1.1.r20150403
mythtv
mythtv-frontend
le 0.27.5,1
CVE-2015-3395
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553
https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948
https://ffmpeg.org/security.html
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
|
3d950687-b4c9-4a86-8478-c56743547af8 | ffmpeg -- multiple vulnerabilities
NVD reports:
The decode_ihdr_chunk function in libavcodec/pngdec.c in
FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR
(aka image header) chunk in a PNG image, which allows remote
attackers to cause a denial of service (out-of-bounds array
access) or possibly have unspecified other impact via a
crafted image with two or more of these chunks.
Multiple integer underflows in the ff_mjpeg_decode_frame
function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2
allow remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified
other impact via crafted MJPEG data.
The ff_sbr_apply function in libavcodec/aacsbr.c in
FFmpeg before 2.7.2 does not check for a matching AAC frame
syntax element before proceeding with Spectral Band
Replication calculations, which allows remote attackers to
cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted AAC
data.
The ff_mpv_common_init function in libavcodec/mpegvideo.c
in FFmpeg before 2.7.2 does not properly maintain the
encoding context, which allows remote attackers to cause a
denial of service (invalid pointer access) or possibly have
unspecified other impact via crafted MPEG data.
The destroy_buffers function in libavcodec/sanm.c in
FFmpeg before 2.7.2 does not properly maintain height and
width values in the video context, which allows remote
attackers to cause a denial of service (segmentation
violation and application crash) or possibly have
unspecified other impact via crafted LucasArts Smush video
data.
The allocate_buffers function in libavcodec/alac.c in
FFmpeg before 2.7.2 does not initialize certain context
data, which allows remote attackers to cause a denial of
service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio
Codec (ALAC) data.
The sws_init_context function in libswscale/utils.c in
FFmpeg before 2.7.2 does not initialize certain pixbuf data
structures, which allows remote attackers to cause a denial
of service (segmentation violation) or possibly have
unspecified other impact via crafted video data.
The ff_frame_thread_init function in
libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles
certain memory-allocation failures, which allows remote
attackers to cause a denial of service (invalid pointer
access) or possibly have unspecified other impact via a
crafted file, as demonstrated by an AVI file.
The ff_rv34_decode_init_thread_copy function in
libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize
certain structure members, which allows remote attackers to
cause a denial of service (invalid pointer access) or
possibly have unspecified other impact via crafted (1) RV30
or (2) RV40 RealVideo data.
Discovery 2015-09-05 Entry 2015-09-20 Modified 2018-03-25 libav
ge 0
gstreamer1-libav
< 1.5.90
gstreamer-ffmpeg
ge 0
handbrake
< 1.2.0
ffmpeg
< 2.7.2,1
ffmpeg26
< 2.6.4
ffmpeg25
< 2.5.8
ffmpeg24
< 2.4.11
ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0
ge 0
avidemux
avidemux2
avidemux26
< 2.6.11
kodi
< 15.1
mplayer
mencoder
< 1.1.r20150822
mythtv
mythtv-frontend
le 0.27.5,1
plexhometheater
ge 0
CVE-2015-6818
CVE-2015-6819
CVE-2015-6820
CVE-2015-6821
CVE-2015-6822
CVE-2015-6823
CVE-2015-6824
CVE-2015-6825
CVE-2015-6826
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=84afc6b70d24fc0bf686e43138c96cf60a9445fe
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
https://ffmpeg.org/security.html
|
b0da85af-21a3-4c15-a137-fe9e4bc86002 | ffmpeg -- multiple vulnerabilities
NVD reports:
The update_dimensions function in libavcodec/vp8.c in
FFmpeg through 2.8.1, as used in Google Chrome before
46.0.2490.71 and other products, relies on a
coefficient-partition count during multi-threaded operation,
which allows remote attackers to cause a denial of service
(race condition and memory corruption) or possibly have
unspecified other impact via a crafted WebM file.
The ljpeg_decode_yuv_scan function in
libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain
width and height checks, which allows remote attackers to
cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted MJPEG
data.
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in
FFmpeg before 2.8.2 does not validate the Chroma Format
Indicator, which allows remote attackers to cause a denial
of service (out-of-bounds array access) or possibly have
unspecified other impact via crafted High Efficiency Video
Coding (HEVC) data.
The decode_uncompressed function in libavcodec/faxcompr.c
in FFmpeg before 2.8.2 does not validate uncompressed runs,
which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified
other impact via crafted CCITT FAX data.
The init_tile function in libavcodec/jpeg2000dec.c in
FFmpeg before 2.8.2 does not enforce minimum-value and
maximum-value constraints on tile coordinates, which allows
remote attackers to cause a denial of service (out-of-bounds
array access) or possibly have unspecified other impact via
crafted JPEG 2000 data.
The jpeg2000_read_main_headers function in
libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x
before 2.7.3, and 2.8.x through 2.8.2 does not enforce
uniqueness of the SIZ marker in a JPEG 2000 image, which
allows remote attackers to cause a denial of service
(out-of-bounds heap-memory access) or possibly have
unspecified other impact via a crafted image with two or
more of these markers.
Integer overflow in the ff_ivi_init_planes function in
libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3,
and 2.8.x through 2.8.2 allows remote attackers to cause a
denial of service (out-of-bounds heap-memory access) or
possibly have unspecified other impact via crafted image
dimensions in Indeo Video Interactive data.
The smka_decode_frame function in libavcodec/smacker.c in
FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through
2.8.2 does not verify that the data size is consistent with
the number of channels, which allows remote attackers to
cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Smacker
data.
Discovery 2015-11-27 Entry 2015-12-02 Modified 2018-03-25 libav
ge 0
gstreamer-ffmpeg
ge 0
handbrake
< 1.2.0
ffmpeg
ge 2.8,1 lt 2.8.3,1
< 2.7.3,1
ffmpeg26
< 2.6.5
ffmpeg25
< 2.5.9
ffmpeg24
< 2.4.12
ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0
ge 0
avidemux
avidemux2
avidemux26
le 2.6.11
kodi
< 16.0
mplayer
mencoder
< 1.1.r20150822_7
mythtv
mythtv-frontend
le 0.27.5,1
plexhometheater
ge 0
CVE-2015-6761
CVE-2015-8216
CVE-2015-8217
CVE-2015-8218
CVE-2015-8219
CVE-2015-8363
CVE-2015-8364
CVE-2015-8365
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d24888ef19ba38b787b11d1ee091a3d94920c76a
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=93f30f825c08477fe8f76be00539e96014cc83c8
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43492ff3ab68a343c1264801baa1d5a02de10167
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a9af07a49295e014b059c1ab624c40345af5892
https://ffmpeg.org/security.html
|