Filtered by vendor Ffmpeg
Subscriptions
Filtered by product Ffmpeg
Subscriptions
Total
477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36613 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.2 Medium |
| FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | ||||
| CVE-2024-31582 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 7.8 High |
| FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | ||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.6 Medium |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| CVE-2024-32229 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.4 High |
| FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||||
| CVE-2024-31581 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 9.8 Critical |
| FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. | ||||
| CVE-2023-49502 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 8.8 High |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. | ||||
| CVE-2023-49501 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 8.0 High |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. | ||||
| CVE-2023-49528 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 8.0 High |
| Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | ||||
| CVE-2022-2566 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-21 | 9 Critical |
| A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | ||||
| CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-9608 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | ||||
| CVE-2017-9994 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | ||||
| CVE-2017-7865 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | ||||
| CVE-2017-14170 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | ||||
| CVE-2017-7859 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | ||||
| CVE-2017-7866 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | ||||
| CVE-2017-7862 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | ||||
| CVE-2017-9995 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-14057 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | ||||
| CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | ||||