VYPR

FFmpeg

by FFmpeg

CVEs (507)

  • CVE-2017-9995 | High | Jun 28, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-9994 | High | Jun 28, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…

  • CVE-2017-9991 | High | Jun 28, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly…

  • CVE-2012-5361 | High | Mar 20, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

  • CVE-2016-7502 | High | Dec 23, 2016
    risk 0.51 | cvss 7.8 | epss 0.01

    The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

  • CVE-2016-7450 | High | Dec 23, 2016
    risk 0.51 | cvss 7.8 | epss 0.01

    The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

  • CVE-2016-6671 | High | Dec 23, 2016
    risk 0.51 | cvss 7.8 | epss 0.02

    The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

  • CVE-2017-9993 | High | Jun 28, 2017
    risk 0.50 | cvss 7.5 | epss 0.16

    FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

  • CVE-2012-2805 | High | Aug 28, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.

  • CVE-2017-11665 | High | Jul 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.

  • CVE-2016-6920 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

  • CVE-2015-8662 | High | Dec 24, 2015
    risk 0.48 | cvss 7.3 | epss 0.02

    The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access)…

  • CVE-2025-9951 | High | Sep 9, 2025
    risk 0.47 | cvss | epss 0.00

    A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

  • CVE-2017-9608 | Medium | Dec 27, 2017
    risk 0.43 | cvss 6.5 | epss 0.05

    The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

  • CVE-2026-6385 | Medium | Apr 15, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment…

  • CVE-2026-30999 | High | Apr 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-30998 | High | Apr 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

  • CVE-2026-30997 | High | Apr 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-22919 | Medium | Feb 18, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

  • CVE-2018-15822 | High | Aug 23, 2018
    risk 0.42 | cvss 7.5 | epss 0.03

    The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.