apk package
chainguard/ffmpeg-8.0
pkg:apk/chainguard/ffmpeg-8.0
Vulnerabilities (15)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40962 | Medium | 4.9 | | < 8.0.1-r7 | 8.0.1-r7 | Apr 16, 2026 | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. |
| CVE-2026-30999 | High | 7.5 | | < 8.0.2-r0 | 8.0.2-r0 | Apr 13, 2026 | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2026-30998 | High | 7.5 | | < 8.0.2-r0 | 8.0.2-r0 | Apr 13, 2026 | An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. |
| CVE-2026-30997 | High | 7.5 | | < 8.0.2-r0 | 8.0.2-r0 | Apr 13, 2026 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2025-69693 | — | | | < 0 | 0 | Mar 16, 2026 | Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame head |
| CVE-2025-25469 | — | | | < 8.0.1-r3 | 8.0.1-r3 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. |
| CVE-2025-25468 | — | | | < 8.0.1-r3 | 8.0.1-r3 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. |
| CVE-2025-22921 | — | | | < 8.0-r0 | 8.0-r0 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
| CVE-2023-51794 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. |
| CVE-2023-51798 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. |
| CVE-2023-51797 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame |
| CVE-2023-51796 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. |
| CVE-2023-51795 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame |
| CVE-2023-51793 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. |
| CVE-2023-51791 | — | | | < 8.0.1-r2 | 8.0.1-r2 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. |