PT-2026-48239

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

DEBIAN-CVE-2025-69693

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

CVE-2025-22921

FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c...

PT-2024-4527

Name of the Vulnerable Software and Affected Versions: Ffmpeg version N113007-g8d24a28d06 Description: The issue is related to a buffer overflow in the areverse request frame component of the libavfilter module in the Ffmpeg library. This occurs due to the lack of size checking for input data...

UBUNTU-CVE-2014-125006

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function outputframe of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this...

UBUNTU-CVE-2018-13301

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ffmpeg4decodepictureheader function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service...

Libav 'mov_read_dref' Function Denial of Service Vulnerability

Libav is a cross-platform solution for recording and converting audio and video from the Libav team, and FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A denial of service vulnerability exists in the 'movreaddref' function in the...

ALPINE-CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .tga file, related to the gifimagewriteimage, gifencodeinit, and...

UBUNTU-CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted .tga file, related to the gifimagewriteimage, gifencodeinit, and...

UBUNTU-CVE-2015-8364

Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...

DEBIAN-CVE-2014-9319

The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...

UBUNTU-CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service out-of-bounds access or possibly have unspecified other impact via crafted Quicktime Graphics aka SMC video data...