linuxserver/ffmpeg
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 8.1 | 4.9 MEDIUM | — | ||
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | ||||
| <= 8.0.1 | 7.5 HIGH | — | ||
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| <= 8.0.1 | 7.5 HIGH | — | ||
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. | ||||
| <= 8.0.1 | 7.5 HIGH | — | ||
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| = 8.0, = 8.0.1 | 5.4 MEDIUM | — | ||
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1. | ||||
| >= 3.2, < 8.0 | 5.3 MEDIUM | — | ||
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service. | ||||
| >= 6.1, < 8.1 | 3.3 LOW | — | ||
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions. | ||||
| = 8 | 7.5 HIGH | — | ||
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0. | ||||
| = 7.1 | 5.3 MEDIUM | — | ||
ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. | ||||
| <= 7.1 | 6.3 MEDIUM | 7.5 HIGH | ||
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| < 2025-01-13 | 6.5 MEDIUM | — | ||
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | ||||
| < 2025-01-13 | 6.5 MEDIUM | — | ||
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | ||||
| = 7.0, = 7.0.1, = 7.0.2, = 7.0.3, = 7.1, = 7.1.1, = 7.1.2, = 7.1.3, = 7.2, = 8.0, = 8.0.1, = 8.1 | 6.5 MEDIUM | — | ||
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | ||||
| <= 7.1 | 3.3 LOW | 1.7 LOW | ||
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. | ||||
| = 7.1 | 5.3 MEDIUM | — | ||
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | ||||
| >= 2.0, <= 6.0 | 4.7 MEDIUM | — | ||
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | ||||
| >= 2.0, <= 6.0 | 7.2 HIGH | — | ||
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | ||||
| >= 2.0, <= 6.0 | 5.3 MEDIUM | — | ||
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | ||||
| = 6.1.1 | 8.8 HIGH | — | ||
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | ||||
| = 6.1.1 | 6.2 MEDIUM | — | ||
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | ||||
| >= 2.0, <= 6.0 | 7.5 HIGH | — | ||
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | ||||
| >= 2.0, <= 6.0 | 5.3 MEDIUM | — | ||
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | ||||
| = 7.0 | 9.8 CRITICAL | — | ||
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | ||||
| = 6.1.1 | 9.1 CRITICAL | — | ||
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | ||||
| = 6.1.1 | 9.1 CRITICAL | — | ||
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. | ||||
| = 6.1.1 | 6.5 MEDIUM | — | ||
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | ||||
| = 7.0 | 5.9 MEDIUM | — | ||
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | ||||
| = 6.1.1 | 6.2 MEDIUM | — | ||
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | ||||
| >= 4.4, < 4.4.5, < 3.4.14, >= 4.0, < 4.2.9, >= 4.3, < 4.3.7, >= 5.0, < 6.1.2 | 6.2 MEDIUM | — | ||
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | ||||
| = 6.1.1 | 5.3 MEDIUM | — | ||
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | ||||
| = 6.1.1 | 5.5 MEDIUM | — | ||
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. | ||||