Ffmpeg
by FFmpeg
Source repositories
CVEs (507)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1897 | Med | 0.37 | 5.5 | 0.15 | Jan 15, 2016 | FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | ||
| CVE-2015-1208 | Med | 0.36 | 5.5 | 0.01 | Jan 9, 2018 | Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. | ||
| CVE-2016-9561 | Med | 0.36 | 5.5 | 0.01 | Dec 23, 2016 | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | ||
| CVE-2016-8595 | Med | 0.36 | 5.5 | 0.01 | Dec 23, 2016 | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | ||
| CVE-2016-7905 | Med | 0.36 | 5.5 | 0.02 | Dec 23, 2016 | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | ||
| CVE-2016-7785 | Med | 0.36 | 5.5 | 0.01 | Dec 23, 2016 | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | ||
| CVE-2016-7562 | Med | 0.36 | 5.5 | 0.02 | Dec 23, 2016 | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | ||
| CVE-2016-7555 | Med | 0.36 | 5.5 | 0.01 | Dec 23, 2016 | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | ||
| CVE-2016-7122 | Med | 0.36 | 5.5 | 0.01 | Dec 23, 2016 | The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | ||
| CVE-2016-6881 | Med | 0.36 | 5.5 | 0.01 | Dec 23, 2016 | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | ||
| CVE-2018-14395 | Med | 0.35 | 6.5 | 0.02 | Jul 19, 2018 | libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | ||
| CVE-2018-14394 | Med | 0.35 | 6.5 | 0.01 | Jul 19, 2018 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. | ||
| CVE-2025-7700 | Med | 0.34 | 5.3 | 0.00 | Nov 7, 2025 | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to… | ||
| CVE-2026-40962 | Med | 0.32 | 4.9 | 0.00 | Apr 16, 2026 | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | ||
| CVE-2025-25473 | Med | 0.27 | 5.3 | 0.00 | Feb 18, 2025 | FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. | ||
| CVE-2025-22920 | Med | 0.27 | 5.3 | 0.00 | Feb 18, 2025 | A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | ||
| CVE-2025-1816 | Med | 0.21 | 4.3 | 0.01 | Mar 2, 2025 | A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters… | ||
| CVE-2025-25471 | Med | 0.21 | 4.3 | 0.00 | Feb 18, 2025 | FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. | ||
| CVE-2009-4637 | 0.04 | — | 0.17 | Feb 10, 2010 | FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. | |||
| CVE-2008-3162 | 0.04 | — | 0.09 | Jul 14, 2008 | Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. |
- risk 0.37cvss 5.5epss 0.15
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
- risk 0.36cvss 5.5epss 0.01
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.01
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.
- risk 0.36cvss 5.5epss 0.01
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
- risk 0.36cvss 5.5epss 0.02
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
- risk 0.36cvss 5.5epss 0.01
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
- risk 0.36cvss 5.5epss 0.02
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
- risk 0.36cvss 5.5epss 0.01
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
- risk 0.36cvss 5.5epss 0.01
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.
- risk 0.36cvss 5.5epss 0.01
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
- risk 0.35cvss 6.5epss 0.02
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
- risk 0.35cvss 6.5epss 0.01
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.
- risk 0.34cvss 5.3epss 0.00
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to…
- risk 0.32cvss 4.9epss 0.00
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
- risk 0.27cvss 5.3epss 0.00
FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.
- risk 0.27cvss 5.3epss 0.00
A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).
- risk 0.21cvss 4.3epss 0.01
A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters…
- risk 0.21cvss 4.3epss 0.00
FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
- CVE-2009-4637Feb 10, 2010risk 0.04cvss —epss 0.17
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
- CVE-2008-3162Jul 14, 2008risk 0.04cvss —epss 0.09
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
Page 5 of 26