FFmpeg

All CVEs

510 total · sorted by risk
  • CVE-2017-11665 · High · Jul 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.

  • CVE-2016-6920 · High · Jan 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

  • CVE-2015-8662 · High · Dec 24, 2015
    risk 0.48 · cvss 7.3 · epss 0.02

    The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access)…

  • CVE-2025-9951 · High · Sep 9, 2025
    risk 0.47 · cvss · epss 0.00

    A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

  • CVE-2017-9608 · Medium · Dec 27, 2017
    risk 0.43 · cvss 6.5 · epss 0.05

    The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

  • CVE-2026-6385 · Medium · Apr 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment…

  • CVE-2026-30999 · High · Apr 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-30998 · High · Apr 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

  • CVE-2026-30997 · High · Apr 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-22919 · Medium · Feb 18, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

  • CVE-2018-15822 · High · Aug 23, 2018
    risk 0.42 · cvss 7.5 · epss 0.03

    The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

  • CVE-2018-7751 · Medium · Apr 24, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

  • CVE-2018-10001 · Medium · Apr 11, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.

  • CVE-2018-6912 · Medium · Feb 12, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

  • CVE-2018-6392 · Medium · Jan 29, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

  • CVE-2017-1000460 · Medium · Jan 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

  • CVE-2017-17555 · Medium · Dec 12, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

  • CVE-2017-17081 · Medium · Nov 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.

  • CVE-2017-15186 · Medium · Oct 24, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

  • CVE-2017-14223 · Medium · Sep 9, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14222 · Medium · Sep 9, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14171 · Medium · Sep 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient…

  • CVE-2017-14170 · Medium · Sep 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient…

  • CVE-2017-14059 · Medium · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing…

  • CVE-2017-14058 · Medium · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

  • CVE-2017-14057 · Medium · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided,…

  • CVE-2017-14056 · Medium · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data,…

  • CVE-2017-14055 · Medium · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14054 · Medium · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the…

  • CVE-2016-2213 · Medium · Feb 3, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

  • CVE-2016-1898 · Medium · Jan 15, 2016
    risk 0.37 · cvss 5.5 · epss 0.13

    FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

  • CVE-2016-1897 · Medium · Jan 15, 2016
    risk 0.37 · cvss 5.5 · epss 0.15

    FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

  • CVE-2015-1208 · Medium · Jan 9, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

  • CVE-2016-9561 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

  • CVE-2016-8595 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

  • CVE-2016-7905 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

  • CVE-2016-7785 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

  • CVE-2016-7562 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

  • CVE-2016-7555 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

  • CVE-2016-7122 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

  • CVE-2016-6881 · Medium · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

  • CVE-2018-14395 · Medium · Jul 19, 2018
    risk 0.35 · cvss 6.5 · epss 0.02

    libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.

  • CVE-2018-14394 · Medium · Jul 19, 2018
    risk 0.35 · cvss 6.5 · epss 0.01

    libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

  • CVE-2025-7700 · Medium · Nov 7, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to…

  • CVE-2026-40962 · Medium · Apr 16, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

  • CVE-2025-25473 · Medium · Feb 18, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.

  • CVE-2025-22920 · Medium · Feb 18, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).

  • CVE-2025-8584 · Low · Aug 5, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required…

  • CVE-2025-1816 · Medium · Mar 2, 2025
    risk 0.21 · cvss 4.3 · epss 0.01

    A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters…

  • CVE-2025-25471 · Medium · Feb 18, 2025
    risk 0.21 · cvss 4.3 · epss 0.00

    FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

Page 2 of 11