Ffmpeg
by FFmpeg
Source repositories
CVEs (507)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20448 | 0.00 | — | 0.01 | May 25, 2021 | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-20446 | 0.00 | — | 0.02 | May 25, 2021 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-20445 | 0.00 | — | 0.02 | May 25, 2021 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | |||
| CVE-2020-21041 | 0.00 | — | 0.02 | May 24, 2021 | Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service | |||
| CVE-2021-30123 | 0.00 | — | 0.03 | Apr 7, 2021 | FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | |||
| CVE-2020-24995 | 0.00 | — | 0.01 | Mar 30, 2021 | Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). | |||
| CVE-2020-35965 | 0.00 | — | 0.02 | Jan 4, 2021 | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | |||
| CVE-2020-35964 | 0.00 | — | 0.02 | Jan 3, 2021 | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | |||
| CVE-2020-14212 | 0.00 | — | 0.02 | Jun 16, 2020 | FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | |||
| CVE-2020-13904 | 0.00 | — | 0.01 | Jun 7, 2020 | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | |||
| CVE-2020-12284 | 0.00 | — | 0.04 | Apr 28, 2020 | cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | |||
| CVE-2014-4610 | 0.00 | — | 0.04 | Jan 14, 2020 | Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||
| CVE-2019-17539 | 0.00 | — | 0.02 | Oct 14, 2019 | In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | |||
| CVE-2019-17542 | 0.00 | — | 0.02 | Oct 14, 2019 | FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | |||
| CVE-2019-15942 | 0.00 | — | 0.02 | Sep 5, 2019 | FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | |||
| CVE-2019-13390 | 0.00 | — | 0.02 | Jul 7, 2019 | In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | |||
| CVE-2019-13312 | 0.00 | — | 0.02 | Jul 5, 2019 | block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | |||
| CVE-2019-12730 | 0.00 | — | 0.03 | Jun 4, 2019 | aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | |||
| CVE-2019-11339 | 0.00 | — | 0.03 | Apr 18, 2019 | The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. | |||
| CVE-2019-11338 | 0.00 | — | 0.02 | Apr 18, 2019 | libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. |
- CVE-2020-20448May 25, 2021risk 0.00cvss —epss 0.01
FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.
- CVE-2020-20446May 25, 2021risk 0.00cvss —epss 0.02
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
- CVE-2020-20445May 25, 2021risk 0.00cvss —epss 0.02
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
- CVE-2020-21041May 24, 2021risk 0.00cvss —epss 0.02
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
- CVE-2021-30123Apr 7, 2021risk 0.00cvss —epss 0.03
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
- CVE-2020-24995Mar 30, 2021risk 0.00cvss —epss 0.01
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
- CVE-2020-35965Jan 4, 2021risk 0.00cvss —epss 0.02
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
- CVE-2020-35964Jan 3, 2021risk 0.00cvss —epss 0.02
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
- CVE-2020-14212Jun 16, 2020risk 0.00cvss —epss 0.02
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
- CVE-2020-13904Jun 7, 2020risk 0.00cvss —epss 0.01
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
- CVE-2020-12284Apr 28, 2020risk 0.00cvss —epss 0.04
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
- CVE-2014-4610Jan 14, 2020risk 0.00cvss —epss 0.04
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
- CVE-2019-17539Oct 14, 2019risk 0.00cvss —epss 0.02
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
- CVE-2019-17542Oct 14, 2019risk 0.00cvss —epss 0.02
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
- CVE-2019-15942Sep 5, 2019risk 0.00cvss —epss 0.02
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
- CVE-2019-13390Jul 7, 2019risk 0.00cvss —epss 0.02
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
- CVE-2019-13312Jul 5, 2019risk 0.00cvss —epss 0.02
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
- CVE-2019-12730Jun 4, 2019risk 0.00cvss —epss 0.03
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
- CVE-2019-11339Apr 18, 2019risk 0.00cvss —epss 0.03
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
- CVE-2019-11338Apr 18, 2019risk 0.00cvss —epss 0.02
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Page 14 of 26