VYPR

FFmpeg

by FFmpeg

CVEs (507)

  • CVE-2016-1897 | Med | Jan 15, 2016
    risk 0.37 | cvss 5.5 | epss 0.15

    FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

  • CVE-2015-1208 | Med | Jan 9, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

  • CVE-2016-9561 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

  • CVE-2016-8595 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

  • CVE-2016-7905 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

  • CVE-2016-7785 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

  • CVE-2016-7562 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

  • CVE-2016-7555 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

  • CVE-2016-7122 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

  • CVE-2016-6881 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

  • CVE-2018-14395 | Med | Jul 19, 2018
    risk 0.35 | cvss 6.5 | epss 0.02

    libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.

  • CVE-2018-14394 | Med | Jul 19, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

  • CVE-2025-7700 | Med | Nov 7, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to…

  • CVE-2026-40962 | Med | Apr 16, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

  • CVE-2025-25473 | Med | Feb 18, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.

  • CVE-2025-22920 | Med | Feb 18, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).

  • CVE-2025-1816 | Med | Mar 2, 2025
    risk 0.21 | cvss 4.3 | epss 0.01

    A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters…

  • CVE-2025-25471 | Med | Feb 18, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

  • CVE-2009-4637 | Feb 10, 2010
    risk 0.04 | cvss | epss 0.17

    FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.

  • CVE-2008-3162 | Jul 14, 2008
    risk 0.04 | cvss | epss 0.09

    Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
