Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2796 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." | |||||
| CVE-2009-4637 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 10.0 HIGH | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. | |||||
| CVE-2013-0851 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. | |||||
| CVE-2013-2496 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 7.5 HIGH | N/A |
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. | |||||
| CVE-2013-0858 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. | |||||
| CVE-2013-0844 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access. | |||||
| CVE-2011-3944 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. | |||||
| CVE-2013-0872 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 10.0 HIGH | N/A |
| The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access. | |||||
| CVE-2012-0847 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. | |||||
| CVE-2011-3947 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. | |||||
| CVE-2010-4705 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. | |||||
| CVE-2012-2774 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state." | |||||
| CVE-2012-2775 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof." | |||||
| CVE-2013-7011 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | |||||
| CVE-2011-3936 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 4.3 MEDIUM | N/A |
| The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. | |||||
| CVE-2011-0722 | 2 Ffmpeg, Mplayerhq | 2 Ffmpeg, Mplayer | 2025-04-11 | 6.8 MEDIUM | N/A |
| FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | |||||
| CVE-2012-2792 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame. | |||||
| CVE-2013-0860 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. | |||||
| CVE-2012-2788 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk." | |||||
| CVE-2013-2277 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 7.5 HIGH | N/A |
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. | |||||