VYPR

FFmpeg

by FFmpeg

CVEs (507)

  • CVE-2020-20448 | May 25, 2021
    risk 0.00 | cvss | epss 0.01

    FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.

  • CVE-2020-20446 | May 25, 2021
    risk 0.00 | cvss | epss 0.02

    FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.

  • CVE-2020-20445 | May 25, 2021
    risk 0.00 | cvss | epss 0.02

    FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.

  • CVE-2020-21041 | May 24, 2021
    risk 0.00 | cvss | epss 0.02

    Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service.

  • CVE-2021-30123 | Apr 7, 2021
    risk 0.00 | cvss | epss 0.03

    FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

  • CVE-2020-24995 | Mar 30, 2021
    risk 0.00 | cvss | epss 0.01

    Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in FFmpeg 3.1.2 allows attackers to execute arbitrary code (local).

  • CVE-2020-35965 | Jan 4, 2021
    risk 0.00 | cvss | epss 0.02

    decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

  • CVE-2020-35964 | Jan 3, 2021
    risk 0.00 | cvss | epss 0.02

    track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

  • CVE-2020-14212 | Jun 16, 2020
    risk 0.00 | cvss | epss 0.02

    FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

  • CVE-2020-13904 | Jun 7, 2020
    risk 0.00 | cvss | epss 0.01

    FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.

  • CVE-2020-12284 | Apr 28, 2020
    risk 0.00 | cvss | epss 0.04

    cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

  • CVE-2014-4610 | Jan 14, 2020
    risk 0.00 | cvss | epss 0.04

    Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.

  • CVE-2019-17539 | Oct 14, 2019
    risk 0.00 | cvss | epss 0.02

    In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

  • CVE-2019-17542 | Oct 14, 2019
    risk 0.00 | cvss | epss 0.02

    FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

  • CVE-2019-15942 | Sep 5, 2019
    risk 0.00 | cvss | epss 0.02

    FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

  • CVE-2019-13390 | Jul 7, 2019
    risk 0.00 | cvss | epss 0.02

    In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.

  • CVE-2019-13312 | Jul 5, 2019
    risk 0.00 | cvss | epss 0.02

    block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.

  • CVE-2019-12730 | Jun 4, 2019
    risk 0.00 | cvss | epss 0.03

    aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

  • CVE-2019-11339 | Apr 18, 2019
    risk 0.00 | cvss | epss 0.03

    The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.

  • CVE-2019-11338 | Apr 18, 2019
    risk 0.00 | cvss | epss 0.02

    libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

Page 14 of 26