Ffmpeg
by FFmpeg
Source repositories
CVEs (507)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31585 | 0.00 | — | 0.00 | Apr 17, 2024 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-31582 | 0.00 | — | 0.00 | Apr 17, 2024 | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | |||
| CVE-2024-31578 | 0.00 | — | 0.01 | Apr 17, 2024 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | |||
| CVE-2023-49528 | 0.00 | — | 0.00 | Apr 12, 2024 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | |||
| CVE-2024-22862 | 0.00 | — | 0.01 | Jan 27, 2024 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | |||
| CVE-2024-22860 | 0.00 | — | 0.01 | Jan 27, 2024 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | |||
| CVE-2024-22861 | 0.00 | — | 0.01 | Jan 27, 2024 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | |||
| CVE-2023-47470 | 0.00 | — | 0.01 | Nov 16, 2023 | Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | |||
| CVE-2023-46407 | 0.00 | — | 0.00 | Oct 27, 2023 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | |||
| CVE-2020-36138 | 0.00 | — | 0.01 | Aug 11, 2023 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | |||
| CVE-2021-28429 | 0.00 | — | 0.00 | Aug 11, 2023 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | |||
| CVE-2023-39018 | 0.00 | — | 0.01 | Jul 28, 2023 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no… | |||
| CVE-2022-48434 | 0.00 | — | 0.02 | Mar 29, 2023 | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a… | |||
| CVE-2022-3341 | 0.00 | — | 0.01 | Jan 12, 2023 | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an… | |||
| CVE-2022-3109 | 0.00 | — | 0.01 | Dec 16, 2022 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | |||
| CVE-2022-3964 | 0.00 | — | 0.03 | Nov 13, 2022 | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the… | |||
| CVE-2022-3965 | 0.00 | — | 0.01 | Nov 13, 2022 | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The… | |||
| CVE-2022-2566 | 0.00 | — | 0.01 | Sep 23, 2022 | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a… | |||
| CVE-2014-125025 | 0.00 | — | 0.01 | Jun 19, 2022 | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||
| CVE-2014-125024 | 0.00 | — | 0.00 | Jun 19, 2022 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
- CVE-2024-31585Apr 17, 2024risk 0.00cvss —epss 0.00
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-31582Apr 17, 2024risk 0.00cvss —epss 0.00
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
- CVE-2024-31578Apr 17, 2024risk 0.00cvss —epss 0.01
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
- CVE-2023-49528Apr 12, 2024risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
- CVE-2024-22862Jan 27, 2024risk 0.00cvss —epss 0.01
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
- CVE-2024-22860Jan 27, 2024risk 0.00cvss —epss 0.01
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
- CVE-2024-22861Jan 27, 2024risk 0.00cvss —epss 0.01
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
- CVE-2023-47470Nov 16, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
- CVE-2023-46407Oct 27, 2023risk 0.00cvss —epss 0.00
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
- CVE-2020-36138Aug 11, 2023risk 0.00cvss —epss 0.01
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
- CVE-2021-28429Aug 11, 2023risk 0.00cvss —epss 0.00
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
- CVE-2023-39018Jul 28, 2023risk 0.00cvss —epss 0.01
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no…
- CVE-2022-48434Mar 29, 2023risk 0.00cvss —epss 0.02
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a…
- CVE-2022-3341Jan 12, 2023risk 0.00cvss —epss 0.01
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an…
- CVE-2022-3109Dec 16, 2022risk 0.00cvss —epss 0.01
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
- CVE-2022-3964Nov 13, 2022risk 0.00cvss —epss 0.03
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the…
- CVE-2022-3965Nov 13, 2022risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The…
- CVE-2022-2566Sep 23, 2022risk 0.00cvss —epss 0.01
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a…
- CVE-2014-125025Jun 19, 2022risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
- CVE-2014-125024Jun 19, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Page 9 of 26