1126 matches found

Veracode
added 2020/06/03 4:7 a.m., 19 views

Denial Of Service (DoS)

ffmpeg is vulnerable to denial of service. The decode_init function in libavcodec/utvideodec.c allows remote attackers to cause a denial of service via a malicious AVI file...

6.5 CVSS, 5.3 AI score, 0.00708 EPSS
Exploits 1, References 5, Affected Software 1

Veracode
added 2020/05/10 11:26 p.m., 29 views

Arbitrary Code Execution

ffmpeg is vulnerable to arbitrary code execution. The vulnerability exists as the av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string...

8.8 CVSS, 5.1 AI score, 0.00816 EPSS
Exploits 0, References 4, Affected Software 1

RedhatCVE
added 2020/05/05 2:39 p.m., 28 views

CVE-2020-12284

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check...

10 CVSS, 2.7 AI score, 0.22 EPSS
Exploits 2, References 3

AlpineLinux
added 2020/04/28 5:16 a.m., 57 views

CVE-2020-12284

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check...

10 CVSS, 9.7 AI score, 0.22 EPSS
Exploits 2

CVE
added 2020/04/28 5:16 a.m., 168 views

CVE-2020-12284

FFmpeg contains a heap-based buffer overflow in libavcodec/cbs_jpeg.c (cbs_jpeg_split_fragment) in versions 4.1 and 4.2.2, triggered during JPEG_MARKER_SOS processing due to a missing length check. This could lead to memory corruption. Several advisories reference CVE-2020-12284; fixes were issue...

10 CVSS, 9.5 AI score, 0.22 EPSS
Exploits 2, References 6, Affected Software 1

NVD
added 2019/10/14 2:15 a.m., 16 views

CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c...

9.8 CVSS, 9.7 AI score, 0.0081 EPSS
Exploits 0, References 7

OSV
added 2019/10/14 2:15 a.m., 22 views

CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c...

9.8 CVSS, 7.2 AI score
Exploits 0, References 7

UbuntuCve
added 2019/10/14 2:15 a.m., 29 views

CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c...

9.8 CVSS, 7.1 AI score, 0.0081 EPSS
Exploits 0, References 3

Prion
added 2019/10/14 2:15 a.m., 21 views

Null pointer dereference

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...

7.5 CVSS, 9.5 AI score, 0.00664 EPSS
Exploits 0, References 6, Affected Software 3

UbuntuCve
added 2019/10/14 2:15 a.m., 27 views

CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...

9.8 CVSS, 6.8 AI score, 0.00664 EPSS
Exploits 0, References 3

OSV
added 2019/10/14 2:15 a.m., 0 views

UBUNTU-CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...

9.8 CVSS, 6.7 AI score, 0.00664 EPSS
Exploits 0, References 4

Cvelist
added 2019/10/14 1:9 a.m., 21 views

CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...

9.5 AI score, 0.00664 EPSS
Exploits 0, References 6

CVE
added 2019/10/14 1:9 a.m., 280 views

CVE-2019-17539

CVE-2019-17539 affects FFmpeg prior to 4.2, where avcodec_open2 in libavcodec/utils.c dereferences a NULL close function pointer, leading to a NULL pointer dereference and possibly unspecified other impact. Affected software is FFmpeg’s libavcodec component; root cause is a NULL pointer dereferen...

9.8 CVSS, 9.3 AI score, 0.00664 EPSS
Exploits 0, References 6, Affected Software 1

Debian CVE
added 2019/10/14 1:9 a.m., 28 views

CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer...

9.8 CVSS, 9 AI score, 0.00664 EPSS
Exploits 0

Debian CVE
added 2019/10/14 1:9 a.m., 25 views

CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c...

9.8 CVSS, 9.3 AI score, 0.0081 EPSS
Exploits 0

CNVD
added 2019/10/14 12:0 a.m., 1 views

FFmpeg Null Pointer Dereference Vulnerability

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A null pointer dereference vulnerability exists in avcodec_open2 in libavcodec/utils.c in versions of FFmpeg prior to 4.2, which can be exploited b...

9.8 CVSS, 9.2 AI score, 0.00664 EPSS
Exploits 0, References 1

UbuntuCve
added 2019/09/19 9:15 p.m., 27 views

CVE-2019-9719

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a...

8.8 CVSS, 7.5 AI score, 0.00516 EPSS
Exploits 1, References 5

Prion
added 2019/09/19 9:15 p.m., 10 views

Format string

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf...

7.1 CVSS, 6.2 AI score, 0.00258 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2019/09/19 8:37 p.m., 129 views

CVE-2019-9720

CVE-2019-9720 affects Libav 12.3: a stack-based buffer overflow in the subtitle decoder due to incorrect use of snprintf in libavcodec/srtdec.c (srt_to_ass). Exploitation via a crafted Matroska video file can corrupt the stack. No explicit remediation details are given in the provided documents; ...

7.1 CVSS, 6.5 AI score, 0.00295 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2019/09/19 8:32 p.m., 144 views

CVE-2019-9719

Libav 12.3 contains a stack-based buffer overflow in the subtitle decoder (srt_to_ass in libavcodec/srtdec.c) triggered by crafted Matroska video files; the issue stems from misusing snprintf. Multiple sources (Red Hat, SUSE, Ubuntu, OSV, and others) describe a vulnerability with claims of disput...

8.8 CVSS, 8.7 AI score, 0.00516 EPSS
Exploits 1, References 4, Affected Software 1