Vendor CVEs
FFmpeg
All CVEs
510 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4637 | 0.04 | — | 0.17 | Feb 10, 2010 | FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. | |||
| CVE-2008-3162 | 0.04 | — | 0.09 | Jul 14, 2008 | Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. | |||
| CVE-2011-4352 | 0.01 | — | 0.07 | Aug 20, 2012 | Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers… | |||
| CVE-2009-4635 | 0.01 | — | 0.08 | Feb 10, 2010 | FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a… | |||
| CVE-2009-4634 | 0.01 | — | 0.07 | Feb 10, 2010 | Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from… | |||
| CVE-2009-4633 | 0.01 | — | 0.08 | Feb 10, 2010 | vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer… | |||
| CVE-2009-0385 | 0.01 | — | 0.07 | Feb 2, 2009 | Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. | |||
| CVE-2026-58049 | 0.00 | — | 0.00 | Jun 29, 2026 | FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past… | |||
| CVE-2026-12706 | 0.00 | — | 0.00 | Jun 19, 2026 | A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker… | |||
| CVE-2026-8461 | 0.00 | — | 0.00 | Jun 18, 2026 | An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This… | |||
| CVE-2025-69693 | 0.00 | — | 0.00 | Mar 16, 2026 | Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame… | |||
| CVE-2025-12343 | 0.00 | — | 0.00 | Feb 18, 2026 | A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can… | |||
| CVE-2025-10256 | 0.00 | — | 0.00 | Feb 18, 2026 | A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a… | |||
| CVE-2025-63757 | 0.00 | — | 0.00 | Dec 18, 2025 | Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0. | |||
| CVE-2025-57613 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns… | |||
| CVE-2025-57612 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the… | |||
| CVE-2025-57616 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The method violates Rust's aliasing rules by modifying a data structure through… | |||
| CVE-2025-57611 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump()… | |||
| CVE-2025-57615 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize… | |||
| CVE-2025-57614 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability occurs when dimension parameters are… | |||
| CVE-2024-55069 | 0.00 | — | 0.00 | May 2, 2025 | ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. | |||
| CVE-2025-1594 | 0.00 | — | 0.01 | Feb 23, 2025 | A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate… | |||
| CVE-2025-25469 | 0.00 | — | 0.00 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | |||
| CVE-2025-22921 | 0.00 | — | 0.00 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | |||
| CVE-2025-25468 | 0.00 | — | 0.00 | Feb 18, 2025 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | |||
| CVE-2025-1373 | 0.00 | — | 0.00 | Feb 17, 2025 | A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to… | |||
| CVE-2025-0518 | 0.00 | — | 0.00 | Jan 16, 2025 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. … | |||
| CVE-2023-6605 | 0.00 | — | 0.00 | Jan 6, 2025 | A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | |||
| CVE-2023-6604 | 0.00 | — | 0.00 | Jan 6, 2025 | A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | |||
| CVE-2023-6601 | 0.00 | — | 0.00 | Jan 6, 2025 | A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | |||
| CVE-2024-36613 | 0.00 | — | 0.00 | Jan 3, 2025 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | |||
| CVE-2024-35365 | 0.00 | — | 0.01 | Jan 3, 2025 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | |||
| CVE-2023-6603 | 0.00 | — | 0.01 | Dec 31, 2024 | A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | |||
| CVE-2023-6602 | 0.00 | — | 0.00 | Dec 31, 2024 | A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | |||
| CVE-2024-35367 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | |||
| CVE-2024-35366 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without… | |||
| CVE-2024-35369 | 0.00 | — | 0.00 | Nov 29, 2024 | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions,… | |||
| CVE-2024-36619 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | |||
| CVE-2024-36615 | 0.00 | — | 0.00 | Nov 29, 2024 | FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | |||
| CVE-2024-36618 | 0.00 | — | 0.00 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | |||
| CVE-2024-36617 | 0.00 | — | 0.00 | Nov 29, 2024 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | |||
| CVE-2024-36616 | 0.00 | — | 0.01 | Nov 29, 2024 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | |||
| CVE-2024-35368 | 0.00 | — | 0.01 | Nov 29, 2024 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | |||
| CVE-2024-7272 | 0.00 | — | 0.01 | Aug 8, 2024 | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue… | |||
| CVE-2024-7055 | 0.00 | — | 0.01 | Aug 6, 2024 | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit… | |||
| CVE-2024-32230 | 0.00 | — | 0.00 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 | |||
| CVE-2024-32228 | 0.00 | — | 0.00 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | |||
| CVE-2024-32229 | 0.00 | — | 0.00 | Jul 1, 2024 | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | |||
| CVE-2023-51794 | 0.00 | — | 0.00 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | |||
| CVE-2023-51795 | 0.00 | — | 0.00 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame |