Ffmpeg
by FFmpeg
Source repositories
CVEs (507)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-125003 | 0.00 | — | 0.01 | Jun 18, 2022 | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this… | |||
| CVE-2014-125002 | 0.00 | — | 0.01 | Jun 18, 2022 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch… | |||
| CVE-2022-1475 | 0.00 | — | 0.01 | May 2, 2022 | An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | |||
| CVE-2020-23906 | 0.00 | — | 0.00 | Nov 10, 2021 | FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. | |||
| CVE-2021-38093 | 0.00 | — | 0.01 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2021-38094 | 0.00 | — | 0.01 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2021-38092 | 0.00 | — | 0.01 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2021-38091 | 0.00 | — | 0.01 | Sep 20, 2021 | Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2021-38090 | 0.00 | — | 0.01 | Sep 20, 2021 | Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2020-20902 | 0.00 | — | 0.01 | Sep 20, 2021 | A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | |||
| CVE-2020-20898 | 0.00 | — | 0.01 | Sep 20, 2021 | Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2020-20896 | 0.00 | — | 0.01 | Sep 20, 2021 | An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | |||
| CVE-2020-20892 | 0.00 | — | 0.01 | Sep 20, 2021 | An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. | |||
| CVE-2020-20891 | 0.00 | — | 0.01 | Sep 20, 2021 | Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||
| CVE-2021-38171 | 0.00 | — | 0.02 | Aug 21, 2021 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | |||
| CVE-2021-38291 | 0.00 | — | 0.03 | Aug 12, 2021 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | |||
| CVE-2020-21688 | 0.00 | — | 0.02 | Aug 10, 2021 | A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | |||
| CVE-2020-21697 | 0.00 | — | 0.01 | Aug 10, 2021 | A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. | |||
| CVE-2021-3566 | 0.00 | — | 0.01 | Aug 5, 2021 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output… | |||
| CVE-2021-38114 | 0.00 | — | 0.01 | Aug 4, 2021 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. |
- CVE-2014-125003Jun 18, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this…
- CVE-2014-125002Jun 18, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch…
- CVE-2022-1475May 2, 2022risk 0.00cvss —epss 0.01
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
- CVE-2020-23906Nov 10, 2021risk 0.00cvss —epss 0.00
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
- CVE-2021-38093Sep 20, 2021risk 0.00cvss —epss 0.01
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38094Sep 20, 2021risk 0.00cvss —epss 0.01
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38092Sep 20, 2021risk 0.00cvss —epss 0.01
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38091Sep 20, 2021risk 0.00cvss —epss 0.01
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38090Sep 20, 2021risk 0.00cvss —epss 0.01
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2020-20902Sep 20, 2021risk 0.00cvss —epss 0.01
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
- CVE-2020-20898Sep 20, 2021risk 0.00cvss —epss 0.01
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2020-20896Sep 20, 2021risk 0.00cvss —epss 0.01
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
- CVE-2020-20892Sep 20, 2021risk 0.00cvss —epss 0.01
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
- CVE-2020-20891Sep 20, 2021risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38171Aug 21, 2021risk 0.00cvss —epss 0.02
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
- CVE-2021-38291Aug 12, 2021risk 0.00cvss —epss 0.03
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
- CVE-2020-21688Aug 10, 2021risk 0.00cvss —epss 0.02
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
- CVE-2020-21697Aug 10, 2021risk 0.00cvss —epss 0.01
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
- CVE-2021-3566Aug 5, 2021risk 0.00cvss —epss 0.01
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output…
- CVE-2021-38114Aug 4, 2021risk 0.00cvss —epss 0.01
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
Page 11 of 26