Lucene search

K

FFMPEG Security Vulnerabilities

cve
cve

CVE-2012-2784

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than...

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
42
cve
cve

CVE-2012-2783

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
36
cve
cve

CVE-2012-2775

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
32
cve
cve

CVE-2012-2772

Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
34
cve
cve

CVE-2012-0853

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite...

7.5AI Score

0.021EPSS

2012-08-20 06:55 PM
31
cve
cve

CVE-2011-3940

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers...

8.7AI Score

0.021EPSS

2012-08-20 06:55 PM
41
cve
cve

CVE-2011-3929

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application...

9.3AI Score

0.024EPSS

2012-08-20 06:55 PM
41
cve
cve

CVE-2021-38114

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to...

5.5CVSS

7.1AI Score

0.004EPSS

2021-08-04 09:15 PM
159
11
cve
cve

CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to...

8.8CVSS

8.9AI Score

0.006EPSS

2016-02-12 05:59 AM
58
cve
cve

CVE-2015-8365

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or...

9.3AI Score

0.004EPSS

2015-11-26 05:59 PM
46
cve
cve

CVE-2015-3417

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that...

8.8AI Score

0.017EPSS

2015-04-24 05:59 PM
46
cve
cve

CVE-2014-125023

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply.....

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-19 06:15 AM
20
16
cve
cve

CVE-2014-125024

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this...

7.8CVSS

7.4AI Score

0.001EPSS

2022-06-19 06:15 AM
21
16
cve
cve

CVE-2014-125025

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-19 06:15 AM
22
14
cve
cve

CVE-2014-125020

A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this...

7.8CVSS

7.5AI Score

0.001EPSS

2022-06-19 06:15 AM
19
22
cve
cve

CVE-2014-125022

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this....

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-19 06:15 AM
25
20
cve
cve

CVE-2014-125009

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
22
10
cve
cve

CVE-2014-125002

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
17
16
cve
cve

CVE-2012-2796

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array...

9.2AI Score

0.005EPSS

2012-09-10 10:55 PM
25
cve
cve

CVE-2012-2790

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
24
cve
cve

CVE-2012-2786

Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
28
cve
cve

CVE-2012-2779

Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized...

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
37
cve
cve

CVE-2012-2777

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than...

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
40
cve
cve

CVE-2012-0851

The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary...

7.5AI Score

0.022EPSS

2012-08-20 06:55 PM
38
cve
cve

CVE-2017-16840

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and...

9.8CVSS

9AI Score

0.005EPSS

2017-11-21 08:29 AM
47
4
cve
cve

CVE-2017-15672

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds...

8.8CVSS

7.6AI Score

0.008EPSS

2017-11-06 05:29 PM
57
cve
cve

CVE-2015-8364

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions....

8.9AI Score

0.004EPSS

2015-11-26 05:59 PM
45
cve
cve

CVE-2015-6826

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40...

8.8AI Score

0.006EPSS

2015-09-06 02:59 AM
46
cve
cve

CVE-2014-8544

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF...

8.8AI Score

0.004EPSS

2014-11-05 11:55 AM
30
cve
cve

CVE-2014-7933

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that...

9.3AI Score

0.009EPSS

2015-01-22 10:59 PM
48
cve
cve

CVE-2014-5271

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via...

9.1AI Score

0.042EPSS

2014-11-03 04:55 PM
21
cve
cve

CVE-2014-125021

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-19 06:15 AM
19
20
cve
cve

CVE-2014-125005

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix.....

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
20
16
cve
cve

CVE-2014-125010

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
17
10
cve
cve

CVE-2014-125013

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
17
10
cve
cve

CVE-2014-125015

A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this...

7.8CVSS

7.6AI Score

0.001EPSS

2022-06-18 07:15 AM
18
10
cve
cve

CVE-2012-0858

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute...

7.5AI Score

0.015EPSS

2022-10-03 04:15 PM
41
cve
cve

CVE-2012-0852

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM.....

7.6AI Score

0.022EPSS

2012-08-20 06:55 PM
34
cve
cve

CVE-2011-4352

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial.....

9.6AI Score

0.024EPSS

2022-10-03 04:15 PM
32
cve
cve

CVE-2011-3952

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette...

9.4AI Score

0.013EPSS

2022-10-03 04:15 PM
41
cve
cve

CVE-2011-3951

The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted...

9.3AI Score

0.013EPSS

2022-10-03 04:15 PM
42
cve
cve

CVE-2011-3936

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a...

8.6AI Score

0.01EPSS

2012-08-20 06:55 PM
46
cve
cve

CVE-2020-22054

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in...

6.5CVSS

7.4AI Score

0.003EPSS

2021-06-02 06:15 PM
121
2
cve
cve

CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and...

8.8CVSS

8.9AI Score

0.007EPSS

2016-02-12 05:59 AM
54
cve
cve

CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a...

8.7AI Score

0.004EPSS

2015-09-06 02:59 AM
44
cve
cve

CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and...

8.9AI Score

0.006EPSS

2015-10-15 10:59 AM
58
cve
cve

CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video...

8.9AI Score

0.006EPSS

2014-11-05 11:55 AM
28
cve
cve

CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via....

8.9AI Score

0.006EPSS

2014-11-05 11:55 AM
30
cve
cve

CVE-2014-125017

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix...

7.8CVSS

7.6AI Score

0.001EPSS

2022-06-18 07:15 AM
18
8
cve
cve

CVE-2014-125004

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
22
16
Total number of security vulnerabilities429