Filtered by vendor Ffmpeg
Subscriptions
Filtered by product Ffmpeg
Subscriptions
Total
486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36613 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.2 Medium |
| FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | ||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.6 Medium |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| CVE-2024-32229 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.4 High |
| FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||||
| CVE-2022-2566 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-21 | 9 Critical |
| A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | ||||
| CVE-2016-10190 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | ||||
| CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | ||||
| CVE-2016-10191 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | ||||
| CVE-2017-14058 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | ||||
| CVE-2013-0870 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | ||||
| CVE-2017-9608 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | ||||
| CVE-2012-2773 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||||
| CVE-2016-6920 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | ||||
| CVE-2017-9994 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | ||||
| CVE-2016-6164 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | ||||
| CVE-2016-10192 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | ||||
| CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | ||||
| CVE-2017-9993 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. | ||||
| CVE-2017-17555 | 2 Aubio, Ffmpeg | 3 Aubio, Ffmpeg, Libswresample | 2025-04-20 | N/A |
| The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | ||||
| CVE-2017-7859 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | ||||
| CVE-2017-14767 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | ||||