Vulnerabilities (CVE)

Filtered by vendor Ffmpeg Subscribe
Filtered by product Ffmpeg
Total 427 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2839 3 Ffmpeg, Linux, Mozilla 3 Ffmpeg, Linux Kernel, Firefox 2024-10-22 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2022-48434 1 Ffmpeg 1 Ffmpeg 2024-10-21 N/A 8.1 HIGH
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
CVE-2024-32230 1 Ffmpeg 1 Ffmpeg 2024-08-22 N/A 7.8 HIGH
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
CVE-2024-7272 1 Ffmpeg 1 Ffmpeg 2024-08-13 7.5 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2023-39018 1 Ffmpeg 1 Ffmpeg 2024-08-02 N/A 9.8 CRITICAL
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.
CVE-2023-47470 1 Ffmpeg 1 Ffmpeg 2024-02-05 N/A 7.8 HIGH
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
CVE-2021-28429 1 Ffmpeg 1 Ffmpeg 2024-02-05 N/A 5.5 MEDIUM
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
CVE-2023-46407 1 Ffmpeg 1 Ffmpeg 2024-02-05 N/A 5.5 MEDIUM
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
CVE-2020-36138 1 Ffmpeg 1 Ffmpeg 2024-02-05 N/A 7.5 HIGH
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
CVE-2022-3341 1 Ffmpeg 1 Ffmpeg 2024-02-04 N/A 5.3 MEDIUM
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
CVE-2022-3109 1 Ffmpeg 1 Ffmpeg 2024-02-04 N/A 7.5 HIGH
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
CVE-2022-2566 1 Ffmpeg 1 Ffmpeg 2024-02-04 N/A 7.8 HIGH
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05
CVE-2022-3964 1 Ffmpeg 1 Ffmpeg 2024-02-04 N/A 8.1 HIGH
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
CVE-2022-3965 1 Ffmpeg 1 Ffmpeg 2024-02-04 N/A 8.1 HIGH
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
CVE-2014-125009 1 Ffmpeg 1 Ffmpeg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
CVE-2014-125023 1 Ffmpeg 1 Ffmpeg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
CVE-2014-125002 1 Ffmpeg 1 Ffmpeg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
CVE-2014-125014 1 Ffmpeg 1 Ffmpeg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
CVE-2022-1475 1 Ffmpeg 1 Ffmpeg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
CVE-2014-125008 1 Ffmpeg 1 Ffmpeg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.