Lucene search

K

FFMPEG Security Vulnerabilities

cve
cve

CVE-2012-2783

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
36
cve
cve

CVE-2012-2784

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than...

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
42
cve
cve

CVE-2012-2775

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
32
cve
cve

CVE-2012-2772

Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
34
cve
cve

CVE-2012-0853

The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite...

7.5AI Score

0.021EPSS

2012-08-20 06:55 PM
31
cve
cve

CVE-2011-3940

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers...

8.7AI Score

0.021EPSS

2012-08-20 06:55 PM
41
cve
cve

CVE-2011-3929

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application...

9.3AI Score

0.024EPSS

2012-08-20 06:55 PM
41
cve
cve

CVE-2020-22054

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in...

6.5CVSS

7.4AI Score

0.002EPSS

2021-06-02 06:15 PM
121
2
cve
cve

CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and...

8.8CVSS

8.9AI Score

0.007EPSS

2016-02-12 05:59 AM
54
cve
cve

CVE-2015-6818

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a...

8.7AI Score

0.004EPSS

2015-09-06 02:59 AM
43
cve
cve

CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and...

8.9AI Score

0.006EPSS

2015-10-15 10:59 AM
57
cve
cve

CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video...

8.9AI Score

0.006EPSS

2014-11-05 11:55 AM
28
cve
cve

CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via....

8.9AI Score

0.006EPSS

2014-11-05 11:55 AM
30
cve
cve

CVE-2014-125017

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix...

7.8CVSS

7.6AI Score

0.001EPSS

2022-06-18 07:15 AM
18
8
cve
cve

CVE-2014-125004

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
22
16
cve
cve

CVE-2014-125006

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.3AI Score

0.001EPSS

2022-06-18 07:15 AM
20
16
cve
cve

CVE-2012-2802

Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
24
cve
cve

CVE-2012-2803

Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size...

9.2AI Score

0.007EPSS

2012-09-10 10:55 PM
36
cve
cve

CVE-2012-2800

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small....

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
27
cve
cve

CVE-2012-2798

Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array...

9.2AI Score

0.006EPSS

2012-09-10 10:55 PM
30
cve
cve

CVE-2012-2789

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients...

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
23
cve
cve

CVE-2012-2788

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is...

9.1AI Score

0.006EPSS

2012-09-10 10:55 PM
43
cve
cve

CVE-2011-4364

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly....

9.4AI Score

0.016EPSS

2022-10-03 04:15 PM
42
cve
cve

CVE-2011-3945

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly.....

9.3AI Score

0.013EPSS

2022-10-03 04:15 PM
28
cve
cve

CVE-2011-3362

Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a.....

9.6AI Score

0.015EPSS

2022-10-03 04:15 PM
36
cve
cve

CVE-2017-16840

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and...

9.8CVSS

9AI Score

0.005EPSS

2017-11-21 08:29 AM
47
4
cve
cve

CVE-2017-15672

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds...

8.8CVSS

7.6AI Score

0.008EPSS

2017-11-06 05:29 PM
57
cve
cve

CVE-2015-8364

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions....

8.9AI Score

0.004EPSS

2015-11-26 05:59 PM
44
cve
cve

CVE-2015-6826

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40...

8.8AI Score

0.006EPSS

2015-09-06 02:59 AM
45
cve
cve

CVE-2014-8544

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF...

8.8AI Score

0.004EPSS

2014-11-05 11:55 AM
30
cve
cve

CVE-2014-7933

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that...

9.3AI Score

0.009EPSS

2015-01-22 10:59 PM
48
cve
cve

CVE-2014-5271

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via...

9.1AI Score

0.042EPSS

2014-11-03 04:55 PM
21
cve
cve

CVE-2014-125021

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-19 06:15 AM
19
20
cve
cve

CVE-2014-125015

A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this...

7.8CVSS

7.6AI Score

0.001EPSS

2022-06-18 07:15 AM
18
10
cve
cve

CVE-2014-125005

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix.....

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
20
16
cve
cve

CVE-2014-125013

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
17
10
cve
cve

CVE-2014-125010

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
17
10
cve
cve

CVE-2012-0858

The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute...

7.5AI Score

0.015EPSS

2022-10-03 04:15 PM
40
cve
cve

CVE-2012-0852

The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM.....

7.6AI Score

0.022EPSS

2012-08-20 06:55 PM
34
cve
cve

CVE-2011-4352

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial.....

9.6AI Score

0.024EPSS

2022-10-03 04:15 PM
31
cve
cve

CVE-2011-3952

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette...

9.4AI Score

0.013EPSS

2022-10-03 04:15 PM
40
cve
cve

CVE-2011-3951

The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted...

9.3AI Score

0.013EPSS

2022-10-03 04:15 PM
41
cve
cve

CVE-2011-3936

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a...

8.6AI Score

0.01EPSS

2012-08-20 06:55 PM
46
cve
cve

CVE-2020-22049

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in...

6.5CVSS

7.4AI Score

0.002EPSS

2021-06-02 04:15 PM
107
2
cve
cve

CVE-2020-22029

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential...

8.8CVSS

9.2AI Score

0.005EPSS

2021-05-27 06:15 PM
38
4
cve
cve

CVE-2015-1872

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via...

7AI Score

0.006EPSS

2015-07-26 10:59 PM
40
cve
cve

CVE-2014-9604

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2)...

7.3AI Score

0.004EPSS

2015-01-16 08:59 PM
38
cve
cve

CVE-2014-7937

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I...

9.5AI Score

0.012EPSS

2015-01-22 10:59 PM
40
cve
cve

CVE-2014-125018

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.3AI Score

0.001EPSS

2022-06-19 06:15 AM
19
20
cve
cve

CVE-2014-125016

A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this...

5.5CVSS

5.4AI Score

0.001EPSS

2022-06-18 07:15 AM
18
8
Total number of security vulnerabilities429