Gwanyeong Kim

#10116of 53,638
27.3Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2018-18154
6.5
2018-02-28
FFmpeg · Ffmpeg · CVE-2018-7557
**Name of the Vulnerable Software and Affected Versions** FFmpeg versions 2.8 through 3.4.2 **Description** The issue allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. This is due to a problem in the `decode init` function in `libavcodec/utvideodec.c`. **Recommendations** For FFmpeg versions 2.8 through 3.4.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-3992
7.8
2018-02-11
FFmpeg · Ffmpeg · CVE-2018-6912
**Name of the Vulnerable Software and Affected Versions** FFmpeg versions through 3.4.2 **Description** The issue is related to the decode plane function in the libavcodec/utvideodec.c component of the FFmpeg library. It allows remote attackers to cause a denial of service due to an out of array read via a crafted AVI file. The vulnerability is associated with reading beyond the valid boundaries of a data buffer, which can be exploited by a remote attacker to cause a service disruption using a specially crafted AVI file. **Recommendations** For versions through 3.4.2, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-17675
6.5
2018-02-05
FFmpeg · Ffmpeg · CVE-2018-6621
**Name of the Vulnerable Software and Affected Versions** FFmpeg versions 3.2 and earlier **Description** The issue allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. This is due to a problem in the `decode frame` function in `libavcodec/utvideodec.c`. **Recommendations** For FFmpeg versions 3.2 and earlier, consider updating to a version that contains a fix for this issue, as the current version allows for a denial of service attack via a crafted AVI file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-17527
6.5
2018-01-29
FFmpeg · Ffmpeg · CVE-2018-6392
**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 3.4.2 **Description** The issue allows remote attackers to cause a denial of service via a crafted MP4 file. This is due to an out-of-array access in the filter slice function. **Recommendations** For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue.