Ffmpeg
by FFmpeg
Source repositories
CVEs (507)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22921 | 0.00 | — | 0.00 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | |||
| CVE-2025-25469 | 0.00 | — | 0.00 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | |||
| CVE-2025-25468 | 0.00 | — | 0.00 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | |||
| CVE-2025-1373 | 0.00 | — | 0.00 | Feb 17, 2025 | A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to… | |||
| CVE-2025-0518 | 0.00 | — | 0.00 | Jan 16, 2025 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. … | |||
| CVE-2023-6605 | 0.00 | — | 0.00 | Jan 6, 2025 | A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | |||
| CVE-2023-6604 | 0.00 | — | 0.00 | Jan 6, 2025 | A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | |||
| CVE-2023-6601 | 0.00 | — | 0.00 | Jan 6, 2025 | A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | |||
| CVE-2024-36613 | 0.00 | — | 0.00 | Jan 3, 2025 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | |||
| CVE-2024-35365 | 0.00 | — | 0.01 | Jan 3, 2025 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | |||
| CVE-2023-6603 | 0.00 | — | 0.01 | Dec 31, 2024 | A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | |||
| CVE-2023-6602 | 0.00 | — | 0.00 | Dec 31, 2024 | A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | |||
| CVE-2024-35369 | 0.00 | — | 0.00 | Nov 29, 2024 | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions,… | |||
| CVE-2024-36615 | 0.00 | — | 0.00 | Nov 29, 2024 | FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | |||
| CVE-2024-35367 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | |||
| CVE-2024-36619 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | |||
| CVE-2024-36618 | 0.00 | — | 0.00 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | |||
| CVE-2024-36617 | 0.00 | — | 0.00 | Nov 29, 2024 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | |||
| CVE-2024-36616 | 0.00 | — | 0.01 | Nov 29, 2024 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | |||
| CVE-2024-35366 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without… |
- CVE-2025-22921Feb 18, 2025risk 0.00cvss —epss 0.00
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
- CVE-2025-25469Feb 18, 2025risk 0.00cvss —epss 0.00
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
- CVE-2025-25468Feb 18, 2025risk 0.00cvss —epss 0.00
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
- CVE-2025-1373Feb 17, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to…
- CVE-2025-0518Jan 16, 2025risk 0.00cvss —epss 0.00
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. …
- CVE-2023-6605Jan 6, 2025risk 0.00cvss —epss 0.00
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
- CVE-2023-6604Jan 6, 2025risk 0.00cvss —epss 0.00
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.
- CVE-2023-6601Jan 6, 2025risk 0.00cvss —epss 0.00
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
- CVE-2024-36613Jan 3, 2025risk 0.00cvss —epss 0.00
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
- CVE-2024-35365Jan 3, 2025risk 0.00cvss —epss 0.01
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
- CVE-2023-6603Dec 31, 2024risk 0.00cvss —epss 0.01
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.
- CVE-2023-6602Dec 31, 2024risk 0.00cvss —epss 0.00
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.
- CVE-2024-35369Nov 29, 2024risk 0.00cvss —epss 0.00
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions,…
- CVE-2024-36615Nov 29, 2024risk 0.00cvss —epss 0.00
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
- CVE-2024-35367Nov 29, 2024risk 0.00cvss —epss 0.01
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer
- CVE-2024-36619Nov 29, 2024risk 0.00cvss —epss 0.01
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.
- CVE-2024-36618Nov 29, 2024risk 0.00cvss —epss 0.00
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
- CVE-2024-36617Nov 29, 2024risk 0.00cvss —epss 0.00
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
- CVE-2024-36616Nov 29, 2024risk 0.00cvss —epss 0.01
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
- CVE-2024-35366Nov 29, 2024risk 0.00cvss —epss 0.01
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without…
Page 7 of 26