Total
481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2781 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | |||||
| CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | |||||
| CVE-2016-10190 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | |||||
| CVE-2017-11719 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | |||||
| CVE-2017-16840 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | |||||
| CVE-2017-15672 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | |||||
| CVE-2017-9608 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | |||||
| CVE-2017-9994 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | |||||
| CVE-2017-7866 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | |||||
| CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | |||||
| CVE-2017-7859 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. | |||||
| CVE-2017-9991 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2012-2805 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||||
| CVE-2017-14058 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2012-2780 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | |||||
| CVE-2017-14059 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | |||||
| CVE-2017-17555 | 2 Aubio, Ffmpeg | 3 Aubio, Ffmpeg, Libswresample | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | |||||
| CVE-2017-14055 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||