FFmpeg

All CVEs

510 total · sorted by risk
  • CVE-2009-4637 · Feb 10, 2010
    risk 0.04 · cvss · epss 0.17

    FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.

  • CVE-2008-3162 · Jul 14, 2008
    risk 0.04 · cvss · epss 0.09

    Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.

  • CVE-2011-4352 · Aug 20, 2012
    risk 0.01 · cvss · epss 0.07

    Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers…

  • CVE-2009-4635 · Feb 10, 2010
    risk 0.01 · cvss · epss 0.08

    FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a…

  • CVE-2009-4634 · Feb 10, 2010
    risk 0.01 · cvss · epss 0.07

    Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from…

  • CVE-2009-4633 · Feb 10, 2010
    risk 0.01 · cvss · epss 0.08

    vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer…

  • CVE-2009-0385 · Feb 2, 2009
    risk 0.01 · cvss · epss 0.07

    Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

  • CVE-2026-58049 · Jun 29, 2026
    risk 0.00 · cvss · epss 0.00

    FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past…

  • CVE-2026-12706 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker…

  • CVE-2026-8461 · Jun 18, 2026
    risk 0.00 · cvss · epss 0.00

    An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This…

  • CVE-2025-69693 · Mar 16, 2026
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame…

  • CVE-2025-12343 · Feb 18, 2026
    risk 0.00 · cvss · epss 0.00

    A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can…

  • CVE-2025-10256 · Feb 18, 2026
    risk 0.00 · cvss · epss 0.00

    A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a…

  • CVE-2025-63757 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.00

    Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

  • CVE-2025-57613 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns…

  • CVE-2025-57612 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the…

  • CVE-2025-57616 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The method violates Rust's aliasing rules by modifying a data structure through…

  • CVE-2025-57611 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump()…

  • CVE-2025-57615 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize…

  • CVE-2025-57614 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability occurs when dimension parameters are…

  • CVE-2024-55069 · May 2, 2025
    risk 0.00 · cvss · epss 0.00

    ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.

  • CVE-2025-1594 · Feb 23, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate…

  • CVE-2025-25469 · Feb 18, 2025
    risk 0.00 · cvss · epss 0.00

    FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.

  • CVE-2025-22921 · Feb 18, 2025
    risk 0.00 · cvss · epss 0.00

    FFmpeg git-master, N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

  • CVE-2025-25468 · Feb 18, 2025
    risk 0.00 · cvss · epss 0.00

    FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.

  • CVE-2025-1373 · Feb 17, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to…

  • CVE-2025-0518 · Jan 16, 2025
    risk 0.00 · cvss · epss 0.00

    Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. …

  • CVE-2023-6605 · Jan 6, 2025
    risk 0.00 · cvss · epss 0.00

    A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

  • CVE-2023-6604 · Jan 6, 2025
    risk 0.00 · cvss · epss 0.00

    A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

  • CVE-2023-6601 · Jan 6, 2025
    risk 0.00 · cvss · epss 0.00

    A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.

  • CVE-2024-36613 · Jan 3, 2025
    risk 0.00 · cvss · epss 0.00

    FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

  • CVE-2024-35365 · Jan 3, 2025
    risk 0.00 · cvss · epss 0.01

    FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.

  • CVE-2023-6603 · Dec 31, 2024
    risk 0.00 · cvss · epss 0.01

    A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

  • CVE-2023-6602 · Dec 31, 2024
    risk 0.00 · cvss · epss 0.00

    A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

  • CVE-2024-35367 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

  • CVE-2024-35366 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    FFmpeg n6.1.1 is affected by an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without…

  • CVE-2024-35369 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions,…

  • CVE-2024-36619 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.

  • CVE-2024-36615 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

  • CVE-2024-36618 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

  • CVE-2024-36617 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.00

    FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

  • CVE-2024-36616 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.

  • CVE-2024-35368 · Nov 29, 2024
    risk 0.00 · cvss · epss 0.01

    FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

  • CVE-2024-7272 · Aug 8, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue…

  • CVE-2024-7055 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit…

  • CVE-2024-32230 · Jul 1, 2024
    risk 0.00 · cvss · epss 0.00

    FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0.

  • CVE-2024-32228 · Jul 1, 2024
    risk 0.00 · cvss · epss 0.00

    FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.

  • CVE-2024-32229 · Jul 1, 2024
    risk 0.00 · cvss · epss 0.00

    FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.

  • CVE-2023-51794 · Apr 26, 2024
    risk 0.00 · cvss · epss 0.00

    Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.

  • CVE-2023-51795 · Apr 19, 2024
    risk 0.00 · cvss · epss 0.00

    Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame.

Page 3 of 11