FFmpeg

All CVEs

510 total · sorted by risk
  • CVE-2017-16840 · Critical · Nov 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

  • CVE-2013-0870 · Critical · Aug 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.

  • CVE-2012-2781 · Critical · Aug 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.

  • CVE-2012-2780 · Critical · Aug 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.

  • CVE-2012-2778 · Critical · Aug 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.

  • CVE-2012-2773 · Critical · Aug 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.

  • CVE-2012-2771 · Critical · Aug 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.

  • CVE-2017-7866 · Critical · Apr 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

  • CVE-2017-7865 · Critical · Apr 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.

  • CVE-2017-7863 · Critical · Apr 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.

  • CVE-2017-7862 · Critical · Apr 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.

  • CVE-2017-7859 · Critical · Apr 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.

  • CVE-2016-6164 · Critical · Jan 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

  • CVE-2016-3062 · High · Jun 16, 2016
    risk 0.58 · cvss 8.8 · epss 0.04

    The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

  • CVE-2018-9841 · High · Apr 7, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.

  • CVE-2012-5360 · High · Feb 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.

  • CVE-2012-5359 · High · Feb 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.

  • CVE-2017-15672 · High · Nov 6, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.

  • CVE-2017-14796 · High · Sep 28, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in…

  • CVE-2017-14795 · High · Sep 28, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in…

  • CVE-2017-14767 · High · Sep 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp…

  • CVE-2017-14225 · High · Sep 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer…

  • CVE-2017-14169 · High · Sep 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing…

  • CVE-2017-9992 · High · Jun 28, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have…

  • CVE-2017-9990 · High · Jun 28, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-5050 · High · Apr 25, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5048 · High · Apr 25, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2016-10192 · Critical · Feb 9, 2017
    risk 0.57 · cvss 9.8 · epss 0.06

    Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.

  • CVE-2016-10191 · Critical · Feb 9, 2017
    risk 0.57 · cvss 9.8 · epss 0.07

    Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

  • CVE-2016-10190 · Critical · Feb 9, 2017
    risk 0.57 · cvss 9.8 · epss 0.08

    Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

  • CVE-2016-5199 · High · Jan 19, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a…

  • CVE-2016-2330 · High · Feb 12, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image,…

  • CVE-2016-2329 · High · Feb 12, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF…

  • CVE-2016-2328 · High · Feb 12, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the…

  • CVE-2016-2327 · High · Feb 12, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the…

  • CVE-2016-2326 · High · Feb 12, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

  • CVE-2015-8663 · High · Dec 24, 2015
    risk 0.54 · cvss 8.3 · epss 0.02

    The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.

  • CVE-2015-8661 · High · Dec 24, 2015
    risk 0.54 · cvss 8.3 · epss 0.02

    The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly…

  • CVE-2017-11719 · High · Jul 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.

  • CVE-2017-11399 · High · Jul 17, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.

  • CVE-2017-9996 · High · Jun 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer…

  • CVE-2017-9995 · High · Jun 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-9994 · High · Jun 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…

  • CVE-2017-9991 · High · Jun 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly…

  • CVE-2012-5361 · High · Mar 20, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

  • CVE-2016-7502 · High · Dec 23, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

  • CVE-2016-7450 · High · Dec 23, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

  • CVE-2016-6671 · High · Dec 23, 2016
    risk 0.51 · cvss 7.8 · epss 0.02

    The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

  • CVE-2017-9993 · High · Jun 28, 2017
    risk 0.50 · cvss 7.5 · epss 0.16

    FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

  • CVE-2012-2805 · High · Aug 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.
