apk package

chainguard/ffmpeg-6

pkg:apk/chainguard/ffmpeg-6

Vulnerabilities (22)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-40962	Med	4.9	< 6.1.4-r4	6.1.4-r4	Apr 16, 2026	FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997	Hig	7.5	< 6.1.4-r5	6.1.4-r5	Apr 13, 2026	An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-22919	Med	6.5	< 6.1.3-r0	6.1.3-r0	Feb 18, 2025	A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
CVE-2025-25469		—	< 0	0	Feb 18, 2025	FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
CVE-2025-25468		—	< 0	0	Feb 18, 2025	FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
CVE-2025-1373		—	< 0	0	Feb 17, 2025	A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approac
CVE-2025-0518		—	< 6.1.3-r0	6.1.3-r0	Jan 16, 2025	Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu
CVE-2023-51794		—	< 0	0	Apr 26, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
CVE-2023-51798		—	< 6.1.3-r0	6.1.3-r0	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
CVE-2023-51797		—	< 0	0	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame
CVE-2023-51796		—	< 0	0	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.
CVE-2023-51795		—	< 6.1.3-r0	6.1.3-r0	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame
CVE-2023-51793		—	< 0	0	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
CVE-2023-51791		—	< 0	0	Apr 19, 2024	Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.
CVE-2023-50010		—	< 0	0	Apr 19, 2024	FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
CVE-2023-50009		—	< 0	0	Apr 19, 2024	FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.
CVE-2023-50008		—	< 0	0	Apr 19, 2024	FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component.
CVE-2023-50007		—	< 0	0	Apr 19, 2024	FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.
CVE-2023-49502		—	< 0	0	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
CVE-2024-31585		—	< 0	0	Apr 17, 2024	FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2026-40962MedApr 16, 2026
affected < 6.1.4-r4fixed 6.1.4-r4
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997HigApr 13, 2026
affected < 6.1.4-r5fixed 6.1.4-r5
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-22919MedFeb 18, 2025
affected < 6.1.3-r0fixed 6.1.3-r0
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
CVE-2025-25469Feb 18, 2025
affected < 0fixed 0
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
CVE-2025-25468Feb 18, 2025
affected < 0fixed 0
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
CVE-2025-1373Feb 17, 2025
affected < 0fixed 0
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approac
CVE-2025-0518Jan 16, 2025
affected < 6.1.3-r0fixed 6.1.3-r0
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu
CVE-2023-51794Apr 26, 2024
affected < 0fixed 0
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
CVE-2023-51798Apr 19, 2024
affected < 6.1.3-r0fixed 6.1.3-r0
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
CVE-2023-51797Apr 19, 2024
affected < 0fixed 0
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame
CVE-2023-51796Apr 19, 2024
affected < 0fixed 0
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.
CVE-2023-51795Apr 19, 2024
affected < 6.1.3-r0fixed 6.1.3-r0
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame
CVE-2023-51793Apr 19, 2024
affected < 0fixed 0
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
CVE-2023-51791Apr 19, 2024
affected < 0fixed 0
Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.
CVE-2023-50010Apr 19, 2024
affected < 0fixed 0
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
CVE-2023-50009Apr 19, 2024
affected < 0fixed 0
FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.
CVE-2023-50008Apr 19, 2024
affected < 0fixed 0
FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component.
CVE-2023-50007Apr 19, 2024
affected < 0fixed 0
FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.
CVE-2023-49502Apr 19, 2024
affected < 0fixed 0
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
CVE-2024-31585Apr 17, 2024
affected < 0fixed 0
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Page 1 of 2