Ffmpeg
by FFmpeg
Source repositories
CVEs (507)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16840 | Cri | 0.64 | 9.8 | 0.03 | Nov 21, 2017 | The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | ||
| CVE-2013-0870 | Cri | 0.64 | 9.8 | 0.01 | Aug 28, 2017 | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | ||
| CVE-2012-2781 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | ||
| CVE-2012-2780 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | ||
| CVE-2012-2778 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | ||
| CVE-2012-2773 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||
| CVE-2012-2771 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2017 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||
| CVE-2017-7866 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2017 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | ||
| CVE-2017-7865 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2017 | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | ||
| CVE-2017-7863 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2017 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | ||
| CVE-2017-7862 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2017 | FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | ||
| CVE-2017-7859 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2017 | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | ||
| CVE-2016-6164 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2017 | Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | ||
| CVE-2016-3062 | Hig | 0.58 | 8.8 | 0.04 | Jun 16, 2016 | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | ||
| CVE-2018-9841 | Hig | 0.57 | 8.8 | 0.02 | Apr 7, 2018 | The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | ||
| CVE-2012-5360 | Hig | 0.57 | 8.8 | 0.03 | Feb 8, 2018 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | ||
| CVE-2012-5359 | Hig | 0.57 | 8.8 | 0.03 | Feb 8, 2018 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | ||
| CVE-2017-15672 | Hig | 0.57 | 8.8 | 0.02 | Nov 6, 2017 | The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | ||
| CVE-2017-14795 | Hig | 0.57 | 8.8 | 0.01 | Sep 28, 2017 | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in… | ||
| CVE-2017-14767 | Hig | 0.57 | 8.8 | 0.03 | Sep 27, 2017 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp… |
- risk 0.64cvss 9.8epss 0.03
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
- risk 0.64cvss 9.8epss 0.01
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.02
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
- risk 0.64cvss 9.8epss 0.03
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
- risk 0.64cvss 9.8epss 0.03
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
- risk 0.64cvss 9.8epss 0.03
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
- risk 0.64cvss 9.8epss 0.03
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
- risk 0.64cvss 9.8epss 0.02
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
- risk 0.64cvss 9.8epss 0.02
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
- risk 0.58cvss 8.8epss 0.04
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
- risk 0.57cvss 8.8epss 0.02
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
- risk 0.57cvss 8.8epss 0.03
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.
- risk 0.57cvss 8.8epss 0.03
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.
- risk 0.57cvss 8.8epss 0.02
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
- risk 0.57cvss 8.8epss 0.01
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in…
- risk 0.57cvss 8.8epss 0.03
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp…
Page 1 of 26