apk package
chainguard/ffmpeg-7.1
pkg:apk/chainguard/ffmpeg-7.1
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40962 | Med | 4.9 | < 7.1.3-r6 | 7.1.3-r6 | Apr 16, 2026 | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | |
| CVE-2026-30997 | Hig | 7.5 | < 7.1.3-r7 | 7.1.3-r7 | Apr 13, 2026 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |
| CVE-2025-9951 | Hig | — | < 7.1.2-r0 | 7.1.2-r0 | Sep 9, 2025 | A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. | |
| CVE-2025-25469 | — | < 7.1.3-r2 | 7.1.3-r2 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | ||
| CVE-2025-25468 | — | < 7.1.3-r2 | 7.1.3-r2 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | ||
| CVE-2025-22921 | — | < 7.1.4-r0 | 7.1.4-r0 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | ||
| CVE-2023-51794 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | ||
| CVE-2023-51798 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. | ||
| CVE-2023-51797 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame | ||
| CVE-2023-51796 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. | ||
| CVE-2023-51795 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame | ||
| CVE-2023-51793 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. | ||
| CVE-2023-51791 | — | < 7.1.3-r1 | 7.1.3-r1 | Apr 19, 2024 | Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. |
- affected < 7.1.3-r6fixed 7.1.3-r6
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
- affected < 7.1.3-r7fixed 7.1.3-r7
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- affected < 7.1.2-r0fixed 7.1.2-r0
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
- CVE-2025-25469Feb 18, 2025affected < 7.1.3-r2fixed 7.1.3-r2
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
- CVE-2025-25468Feb 18, 2025affected < 7.1.3-r2fixed 7.1.3-r2
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
- CVE-2025-22921Feb 18, 2025affected < 7.1.4-r0fixed 7.1.4-r0
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
- CVE-2023-51794Apr 26, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
- CVE-2023-51798Apr 19, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
- CVE-2023-51797Apr 19, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame
- CVE-2023-51796Apr 19, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.
- CVE-2023-51795Apr 19, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame
- CVE-2023-51793Apr 19, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
- CVE-2023-51791Apr 19, 2024affected < 7.1.3-r1fixed 7.1.3-r1
Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.