CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 8.1 | 4.9 MEDIUM | — | ||
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | ||||
| <= 8.0.1 | 7.5 HIGH | — | ||
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| <= 8.0.1 | 7.5 HIGH | — | ||
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. | ||||
| <= 8.0.1 | 7.5 HIGH | — | ||
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| = 8.0, = 8.0.1 | 5.4 MEDIUM | — | ||
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1. | ||||
| >= 6.1, < 8.1 | 3.3 LOW | — | ||
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions. | ||||
| >= 3.2, < 8.0 | 5.3 MEDIUM | — | ||
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service. | ||||
| = 8 | 7.5 HIGH | — | ||
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0. | ||||
| = 7.1 | 5.3 MEDIUM | — | ||
ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. | ||||
| <= 7.1 | 6.3 MEDIUM | 7.5 HIGH | ||
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| < 2025-01-13 | 6.5 MEDIUM | — | ||
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | ||||
| < 2025-01-13 | 6.5 MEDIUM | — | ||
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 6.5 MEDIUM | — | ||
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | ||||
| <= 7.1 | 3.3 LOW | 1.7 LOW | ||
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. | ||||
| = 7.1 | 5.3 MEDIUM | — | ||
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | ||||
| >= 2.0, <= 6.0 | 5.3 MEDIUM | — | ||
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | ||||
| >= 2.0, <= 6.0 | 4.7 MEDIUM | — | ||
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | ||||
| >= 2.0, <= 6.0 | 7.2 HIGH | — | ||
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | ||||
| = 6.1.1 | 8.8 HIGH | — | ||
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | ||||
| = 6.1.1 | 6.2 MEDIUM | — | ||
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | ||||
| >= 2.0, <= 6.0 | 7.5 HIGH | — | ||
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | ||||
| >= 2.0, <= 6.0 | 5.3 MEDIUM | — | ||
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | ||||
| = 7.0 | 9.8 CRITICAL | — | ||
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | ||||
| = 6.1.1 | 9.1 CRITICAL | — | ||
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. | ||||
| = 6.1.1 | 9.1 CRITICAL | — | ||
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | ||||
| = 6.1.1 | 6.5 MEDIUM | — | ||
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | ||||
| = 7.0 | 5.9 MEDIUM | — | ||
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | ||||
| = 6.1.1 | 6.2 MEDIUM | — | ||
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | ||||
| >= 4.4, < 4.4.5, < 3.4.14, >= 4.0, < 4.2.9, >= 4.3, < 4.3.7, >= 5.0, < 6.1.2 | 6.2 MEDIUM | — | ||
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | ||||
| = 6.1.1 | 5.3 MEDIUM | — | ||
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | ||||
| = 6.1.1 | 5.5 MEDIUM | — | ||
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. | ||||
| < 5.1.6 | 6.3 MEDIUM | 7.5 HIGH | ||
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| < 4.3.8, >= 4.4, < 4.4.5, >= 7.0, < 7.0.2, >= 5.0, < 5.1.6, >= 6.0, < 6.1.2 | 6.3 MEDIUM | 7.5 HIGH | ||
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | ||||
| = 7.0 | 6.6 MEDIUM | — | ||
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| = 7.0 | 8.4 HIGH | — | ||
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||||
| = 7.0 | 7.8 HIGH | — | ||
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 7.8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 7.8 HIGH | — | ||
Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 3.6 LOW | — | ||
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 6.7 MEDIUM | — | ||
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 7.8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 7.8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame | ||||
| >= 6.1, < 7.0 | 7.8 HIGH | — | ||
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. | ||||
| >= 6.1, < 7.0 | 8 HIGH | — | ||
FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. | ||||
| >= 6.1, < 7.0 | 7.8 HIGH | — | ||
FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. | ||||
| >= 6.1, < 7.0 | 8.8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. | ||||
| >= 6.1, < 7.0 | 4 MEDIUM | — | ||
FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. | ||||
| = 6.1 | 8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. | ||||
| >= 5.1, < 7.0 | 5.3 MEDIUM | — | ||
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| >= 6.1, < 7.0 | 7.8 HIGH | — | ||
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | ||||
| = 6.1 | 9.8 CRITICAL | — | ||
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. | ||||
| < 7.0 | 7.5 HIGH | — | ||
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | ||||
| = 6.1 | 8 HIGH | — | ||
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | ||||
| = *, = 6.1 | 7.5 HIGH | — | ||
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | ||||
| = *, = 6.1 | 9.8 CRITICAL | — | ||
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | ||||
| = *, = 6.1 | 9.8 CRITICAL | — | ||
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | ||||
| = *, = 6.1 | 7.8 HIGH | — | ||
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | ||||
| = *, = 6.1 | 5.5 MEDIUM | — | ||
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | ||||
| = 4.3.2 | 5.5 MEDIUM | — | ||
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | ||||
| = 4.3 | 7.5 HIGH | — | ||
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | ||||
| = * | 9.8 CRITICAL | — | ||
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file. | ||||
| < 5.1.2 | 8.1 HIGH | — | ||
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). | ||||
| = *, < 5.0.3 | 5.3 MEDIUM | — | ||
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | ||||
| = *, < 5.0.3 | 7.5 HIGH | — | ||
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||||
| = *, >= 5.1, < 5.1.3, >= 5.0, < 5.0.3 | 4.3 MEDIUM | — | ||
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | ||||
| = *, >= 5.1, < 5.1.3, >= 5.0, < 5.0.3, >= 4.4, < 4.4.4 | 4.3 MEDIUM | — | ||
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | ||||
| = 5.1 | 9 CRITICAL | — | ||
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 7.3 HIGH | 6.8 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 7.3 HIGH | 6.8 MEDIUM | ||
A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 7.3 HIGH | 6.8 MEDIUM | ||
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 7.3 HIGH | 6.8 MEDIUM | ||
A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 6.8 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 2.0 | 5.3 MEDIUM | 4.3 MEDIUM | ||
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | ||||
| = 5.0, >= 4.2, < 4.4.2 | 5.5 MEDIUM | 4.3 MEDIUM | ||
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | ||||
| = 4.2 | 5.5 MEDIUM | 4.3 MEDIUM | ||
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | ||||
| = 4.2.1 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. | ||||
| = 4.2.1 | 8.8 HIGH | 6.8 MEDIUM | ||
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| = 4.4 | 9.8 CRITICAL | 7.5 HIGH | ||
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | ||||
| = *, >= 4.2.0, < 4.2.5, >= 4.3.0, < 4.3.3, >= 4.4.0, < 4.4.1, < 4.1.7 | 7.5 HIGH | 5 MEDIUM | ||
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. | ||||
| < 4.3 | 5.5 MEDIUM | 4.3 MEDIUM | ||
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). | ||||
| = 4.4 | 5.5 MEDIUM | 4.3 MEDIUM | ||
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. | ||||
| = 4.4 | 8.8 HIGH | 6.8 MEDIUM | ||
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | ||||
| = 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | ||||
| = 4.2.3 | 8.8 HIGH | 6.5 MEDIUM | ||
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. | ||||
| = 4.2 | 6.5 MEDIUM | 4 MEDIUM | ||
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service | ||||
| = 4.2 | 7.5 HIGH | 5 MEDIUM | ||
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. | ||||
| = 4.2 | 7.5 HIGH | 5 MEDIUM | ||
FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. | ||||
| = 4.1.3 | 6.5 MEDIUM | 4 MEDIUM | ||
FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4 MEDIUM | ||
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | ||||
| = 4.2 | 6.5 MEDIUM | 4 MEDIUM | ||
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. | ||||
| = 4.1 | 7.5 HIGH | 5 MEDIUM | ||
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service | ||||
| = 4.4 | 8.8 HIGH | 6.8 MEDIUM | ||
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | ||||
| = 3.1.2 | 7.8 HIGH | 4.6 MEDIUM | ||
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). | ||||
| >= 4.3.1, < 4.4 | 7.5 HIGH | 5 MEDIUM | ||
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | ||||
| = 4.3.1 | 6.5 MEDIUM | 4.3 MEDIUM | ||
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | ||||
| >= 4.3, < 4.3.1 | 8.8 HIGH | 6.8 MEDIUM | ||
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | ||||
| = 2.8, = 4.2.3 | 5.5 MEDIUM | 4.3 MEDIUM | ||
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | ||||
| = 4.1, = 4.2.2 | 9.8 CRITICAL | 10 HIGH | ||
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | ||||
| >= 2.2, < 2.2.4, >= 2.1, < 2.1.5, >= 1.1, < 1.1.12, >= 2.0, < 2.0.5, >= 1.2, < 1.2.7, < 0.10.14 | 8.8 HIGH | 6.8 MEDIUM | ||
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | ||||
| < 2.8.16, >= 3.2, < 3.2.15, >= 3.4, < 3.4.7, >= 4.0, < 4.0.5, >= 4.1, < 4.1.5 | 9.8 CRITICAL | 7.5 HIGH | ||
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | ||||
| >= 4.0, < 4.0.5, >= 4.1, < 4.1.5, < 3.4.7 | 9.8 CRITICAL | 7.5 HIGH | ||
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | ||||
| <= 4.2 | 8.8 HIGH | 6.8 MEDIUM | ||
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | ||||
| = 4.1.3 | — | 4.3 MEDIUM | ||
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | ||||
| = 4.1.3 | — | 6.8 MEDIUM | ||
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | ||||
| < 3.2.14 | — | 7.5 HIGH | ||
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | ||||
| = 3.4, = 4.1.2 | 8.8 HIGH | 6.8 MEDIUM | ||
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | ||||
| >= 4.1, < 4.1.2, >= 4.0, < 4.0.4 | — | 6.8 MEDIUM | ||
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. | ||||
| = 3.2, = 4.1 | 6.5 MEDIUM | 4.3 MEDIUM | ||
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | ||||
| = 3.2, = 4.1 | 6.5 MEDIUM | 4.3 MEDIUM | ||
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | ||||
| = 4.1 | — | 4.3 MEDIUM | ||
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. | ||||
| <= 2.8 | 7.5 HIGH | 5 MEDIUM | ||
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | ||||
| <= 4.0.1 | — | 6.8 MEDIUM | ||
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. | ||||
| < 3.4.3 | — | 7.5 HIGH | ||
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. | ||||
| <= 4.0.1 | — | 4.3 MEDIUM | ||
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. | ||||
| <= 4.0.1 | — | 7.1 HIGH | ||
FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. | ||||
| <= 4.0.1 | — | 4.3 MEDIUM | ||
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. | ||||
| <= 4.0.1 | — | 4.3 MEDIUM | ||
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. | ||||
| = 3.2, = 4.0 | 6.5 MEDIUM | 4.3 MEDIUM | ||
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | ||||
| < 4.0.2 | — | 4.3 MEDIUM | ||
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. | ||||
| = 4.0.1 | — | 4.3 MEDIUM | ||
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| = 4.0.1 | — | 6.8 MEDIUM | ||
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. | ||||
| = 4.0.1 | — | 5.8 MEDIUM | ||
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | ||||
| = 4.0.1 | — | 5.8 MEDIUM | ||
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | ||||
| = 4.0.1 | — | 4.3 MEDIUM | ||
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. | ||||
| = 4.0.1 | — | 4.3 MEDIUM | ||
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| = 4.0 | — | 4.3 MEDIUM | ||
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. | ||||
| = 4.0 | — | 4.3 MEDIUM | ||
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| = 2.8, = 4.0 | 6.5 MEDIUM | 4.3 MEDIUM | ||
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| <= 3.4.2 | — | 4.3 MEDIUM | ||
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. | ||||
| <= 3.4.2 | — | 4.3 MEDIUM | ||
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | ||||
| <= 3.4.2 | — | 6.8 MEDIUM | ||
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | ||||
| >= 2.8, <= 3.4.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | ||||
| <= 3.4.2 | — | 4.3 MEDIUM | ||
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | ||||
| < 0.11 | — | 9.3 HIGH | ||
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | ||||
| < 0.11 | — | 9.3 HIGH | ||
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | ||||
| <= 3.2 | 6.5 MEDIUM | 4.3 MEDIUM | ||
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | ||||
| <= 3.4.1 | — | 4.3 MEDIUM | ||
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | ||||
| < 2.4.6 | — | 4.3 MEDIUM | ||
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. | ||||
| = 3.4 | — | 4.3 MEDIUM | ||
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | ||||
| >= 3.3, < 3.3.3, < 3.2.6 | — | 4.3 MEDIUM | ||
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | ||||
| = 3.4.1 | — | 4.3 MEDIUM | ||
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | ||||
| = 3.4 | — | 4.3 MEDIUM | ||
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | ||||
| = 3.0, = 3.4 | 9.8 CRITICAL | 7.5 HIGH | ||
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | ||||
| <= 3.3.4 | — | 6.8 MEDIUM | ||
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | ||||
| <= 3.3.4 | — | 4.3 MEDIUM | ||
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | ||||
| <= 3.3.3 | — | 6.8 MEDIUM | ||
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | ||||
| = 3.3.3 | — | 6.8 MEDIUM | ||
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| = 3.3.3 | — | 6.8 MEDIUM | ||
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. | ||||
| = 3.3.3 | — | 7.1 HIGH | ||
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | ||||
| = 3.3.3 | — | 4.3 MEDIUM | ||
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | ||||
| = 0.10 | — | 5 MEDIUM | ||
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | ||||
| = 1.1.4 | — | 7.5 HIGH | ||
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | ||||
| <= 0.10.0 | — | 7.5 HIGH | ||
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | ||||
| <= 0.10.0 | — | 7.5 HIGH | ||
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | ||||
| <= 0.10.0 | — | 7.5 HIGH | ||
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | ||||
| <= 0.10.0 | — | 7.5 HIGH | ||
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||||
| < 0.10.3 | — | 7.5 HIGH | ||
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||||
| <= 3.3.2 | — | 6.8 MEDIUM | ||
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | ||||
| = 3.3.2 | — | 5 MEDIUM | ||
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | ||||
| <= 3.3.2 | — | 6.8 MEDIUM | ||
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | ||||
| = 3.1.3, = 3.2, = 3.1.1, = 3.0.1, = 3.0.2, = 2.8.4, = 3.1.4, = 2.8.8, = 3.2.4, = 2.8.5, = 2.8.6, = 3.1.5, = 3.1.6, = 3.1.7, = 3.0.5, = 3.0.3, = 3.2.2, = 3.0.7, = 2.8.1, = 2.8.11, = 3.2.1, = 3.2.3, = 2.8, = 2.8.2, = 2.8.10, = 2.8.9, = 3.0.4, = 2.8.3, = 3.0.6, = 3.0, = 3.1, = 3.1.2, = 3.3, = 2.8.7 | — | 6.8 MEDIUM | ||
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| <= 2.8.11, = 3.1.3, = 3.2, = 3.1.1, = 3.0.1, = 3.0.2, = 3.1.4, = 3.2.4, = 3.1.7, = 3.1.6, = 3.0.5, = 3.1.5, = 3.2.1, = 3.0.3, = 3.0.4, = 3.3, = 3.2.3, = 3.0.6, = 3.2.2, = 3.0.7, = 3.0, = 3.1, = 3.1.2 | — | 6.8 MEDIUM | ||
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
| = 3.3 | — | 6.8 MEDIUM | ||
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| < 2.8.12, >= 3.0, < 3.0.8, >= 3.1, < 3.1.8, >= 3.2, < 3.2.5, >= 3.3, < 3.3.1 | — | 6.8 MEDIUM | ||
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | ||||
| < 2.8.12, >= 3.2, < 3.2.6, >= 3.3, < 3.3.2, >= 3.0, < 3.1.9 | — | 5 MEDIUM | ||
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. | ||||
| < 2.8.12, >= 3.0, < 3.0.8, >= 3.1, < 3.1.8, >= 3.2, < 3.2.5, >= 3.3, < 3.3.1 | — | 6.8 MEDIUM | ||
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
| <= 3.3 | — | 6.8 MEDIUM | ||
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
| <= 2.8.9 | — | 7.5 HIGH | ||
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | ||||
| <= 2.8.10 | — | 7.5 HIGH | ||
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | ||||
| <= 2.8.9 | — | 7.5 HIGH | ||
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | ||||
| <= 3.2.4 | — | 7.5 HIGH | ||
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | ||||
| <= 2.8.10 | — | 7.5 HIGH | ||
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | ||||
| <= 0.10.15 | — | 6.8 MEDIUM | ||
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. | ||||
| = 3.1.3, = 3.2, = 3.1.1, = 3.0.1, = 3.0.2, = 3.1.4, = 3.1.5, = 3.0.3, <= 2.8.9, = 3.2.1, = 3.1.2, = 3.0, = 3.1, = 3.0.4 | — | 7.5 HIGH | ||
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | ||||
| = 3.1.3, = 3.2, = 3.1.1, = 3.0.1, = 3.0.2, = 3.1.4, = 3.1.5, = 3.0.3, <= 2.8.9, = 3.1, = 3.0, = 3.1.2, = 3.2.1, = 3.0.4 | — | 7.5 HIGH | ||
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | ||||
| = 3.1.3, = 3.2, = 3.1.1, = 3.0.1, = 3.0.2, = 3.1.4, = 3.1.5, = 3.0.3, <= 2.8.9, = 3.1.2, = 3.1, = 3.2.1, = 3.0.4, = 3.0 | — | 7.5 HIGH | ||
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | ||||
| <= 3.1.2 | — | 5 MEDIUM | ||
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | ||||
| = 3.0.1, = 3.0.2, <= 2.8.7, = 3.0, = 3.1 | — | 7.5 HIGH | ||
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | ||||
| <= 3.1.3 | — | 6.8 MEDIUM | ||
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | ||||
| <= 3.1.4 | — | 4.3 MEDIUM | ||
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | ||||
| <= 3.1.3 | — | 4.3 MEDIUM | ||
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | ||||
| <= 3.1.3 | — | 4.3 MEDIUM | ||
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | ||||
| <= 3.1.3 | — | 4.3 MEDIUM | ||
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | ||||
| <= 3.1.3 | — | 6.8 MEDIUM | ||
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | ||||
| <= 3.1.3 | — | 4.3 MEDIUM | ||
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | ||||
| <= 3.2 | — | 4.3 MEDIUM | ||
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | ||||
| <= 3.1.2 | — | 4.3 MEDIUM | ||
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | ||||
| <= 3.1.3 | — | 4.3 MEDIUM | ||
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | ||||
| <= 3.1.1 | — | 6.8 MEDIUM | ||
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | ||||
| = 0.10 | — | 4.3 MEDIUM | ||
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | ||||
| <= 0.10.15 | — | 6.8 MEDIUM | ||
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | ||||
| <= 2.8.5 | — | 6.8 MEDIUM | ||
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions. | ||||
| <= 2.8.5 | — | 6.8 MEDIUM | ||
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions. | ||||
| <= 2.8.5 | — | 6.8 MEDIUM | ||
libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. | ||||
| <= 2.8.4 | — | 6.8 MEDIUM | ||
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions. | ||||
| <= 2.8.4 | — | 6.8 MEDIUM | ||
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file. | ||||
| <= 2.8.5 | — | 4.3 MEDIUM | ||
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | ||||
| = 2.2.12, = 2.4.11, = 2.3, = 2.6.3, = 2.2.8, = 2.3.3, = 2.4.4, = 2.0.7, = 2.2, = 2.6.6, = 2.2.4, = 2.2.3, = 2.0.4, = 2.5.6, = 2.4.10, = 2.2.1, = 2.6.2, = 2.5.4, = 2.4.9, = 2.4.1, = 2.8.4, = 2.7.1, = 2.4.6, = 2.3.5, = 2.2.15, = 2.2.6, = 2.1.6, = 2.8.3, = 2.8.2, = 2.7, = 2.5.9, = 2.5.8, = 2.5, = 2.4.5, = 2.2.11, = 2.1.5, = 2.1.4, = 2.0.3, = 2.8.1, = 2.8, = 2.6.5, = 2.6.4, = 2.4.3, = 2.4.2, = 2.3.2, = 2.2.9, = 2.1.3, = 2.0.2, = 2.0.1, = 2.7.4, = 2.7.3, = 2.5.5, = 2.4.8, = 2.1.8, = 2.1.1, = 2.0, = 2.7.2, = 2.6, = 2.4.7, = 2.3.6, = 2.2.14, = 2.1.7, = 2.5.1, = 2.3.4, = 2.2.13, = 2.5.7, = 2.4.12, = 2.2.10, = 2.2.2, = 2.1.2, = 2.4, = 2.3.1, = 2.2.16, = 2.2.7, = 2.1, = 2.6.1, = 2.5.3, = 2.5.2, = 2.2.5, = 2.0.6, = 2.0.5 | — | 4.3 MEDIUM | ||
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. | ||||
| = 2.2.12, = 2.4.11, = 2.3, = 2.6.3, = 2.2.8, = 2.3.3, = 2.4.4, = 2.0.7, = 2.2, = 2.6.2, = 2.5.4, = 2.4.9, = 2.2.15, = 2.8.4, = 2.7.1, = 2.4.6, = 2.3.5, = 2.2.6, = 2.2.4, = 2.1.6, = 2.6.6, = 2.2.3, = 2.0.4, = 2.5.6, = 2.4.10, = 2.4.1, = 2.2.1, = 2.7.4, = 2.7.3, = 2.4.8, = 2.3.6, = 2.1.8, = 2.1.7, = 2.0, = 2.8.3, = 2.7.2, = 2.6, = 2.5.9, = 2.4.7, = 2.2.14, = 2.1.5, = 2.8.2, = 2.8.1, = 2.7, = 2.6.5, = 2.5.8, = 2.5, = 2.4.5, = 2.4.3, = 2.3.2, = 2.2.11, = 2.1.4, = 2.1.3, = 2.0.3, = 2.8, = 2.6.4, = 2.5.5, = 2.4.2, = 2.2.9, = 2.1.1, = 2.0.2, = 2.0.1, = 2.6.1, = 2.5.3, = 2.4, = 2.2.16, = 2.2.7, = 2.1, = 2.5.2, = 2.5.1, = 2.3.4, = 2.2.13, = 2.2.5, = 2.0.6, = 2.0.5, = 2.5.7, = 2.4.12, = 2.2.2, = 2.3.1, = 2.2.10, = 2.1.2 | — | 4.3 MEDIUM | ||
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | ||||
| = 2.8.3 | — | 7.5 HIGH | ||
The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. | ||||
| <= 2.8.2 | — | 7.5 HIGH | ||
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | ||||
| <= 2.8.3 | — | 7.5 HIGH | ||
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| = 2.7.1, = 2.7.0, = 2.8.2, = 2.8.1, = 2.6.4, = 2.7.2, = 2.8.0 | — | 6.8 MEDIUM | ||
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. | ||||
| = 2.7.1, = 2.7.0, = 2.8.2, = 2.8.1, = 2.6.4, = 2.7.2, = 2.8.0 | — | 6.8 MEDIUM | ||
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. | ||||
| = 2.7.1, = 2.7.0, = 2.8.2, = 2.8.1, = 2.6.4, = 2.7.2, = 2.8.0 | — | 6.8 MEDIUM | ||
The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. | ||||
| <= 2.8.1 | — | 7.5 HIGH | ||
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| <= 2.8.1 | — | 6.8 MEDIUM | ||
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. | ||||
| <= 2.8.1 | — | 7.5 HIGH | ||
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. | ||||
| <= 2.8.1 | — | 7.5 HIGH | ||
The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | ||||
| <= 2.8.1 | — | 6.8 MEDIUM | ||
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | ||||
| <= 2.7.1 | — | 7.5 HIGH | ||
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. | ||||
| <= 2.5.3 | — | 6.8 MEDIUM | ||
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. | ||||
| = 2.2.12, = 2.2.8, = 2.4.4, = 2.5.0, = 2.4.1, = 2.2.4, = 2.2.6, = 2.2.3, = 2.4.6, = 2.0.6, = 2.2.7, = 2.2.14, = 2.2.13, = 2.4.7, = 2.6.0, = 2.6.1, = 2.2.10, = 2.2.11, = 2.4.5, = 2.5.4, = 2.5.5, = 2.2.0, = 2.2.1, = 2.2.9, = 2.4.2, = 2.4.3, = 2.5.3, = 2.4.0, = 2.5.1, = 2.2.5, = 2.2.2, = 2.5.2 | — | 6.8 MEDIUM | ||
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. | ||||