Total
481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0858 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 6.8 MEDIUM | N/A |
| The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". | |||||
| CVE-2010-3908 | 2 Ffmpeg, Mplayerhq | 2 Ffmpeg, Mplayer | 2026-04-29 | 6.8 MEDIUM | N/A |
| FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. | |||||
| CVE-2011-3929 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 6.8 MEDIUM | N/A |
| The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file. | |||||
| CVE-2011-3952 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 6.8 MEDIUM | N/A |
| The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. | |||||
| CVE-2012-0848 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count." | |||||
| CVE-2009-4639 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 4.3 MEDIUM | N/A |
| The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. | |||||
| CVE-2013-3675 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 4.3 MEDIUM | N/A |
| The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data. | |||||
| CVE-2012-2800 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array." | |||||
| CVE-2012-2776 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write." | |||||
| CVE-2009-4635 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 9.3 HIGH | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. | |||||
| CVE-2012-2802 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes." | |||||
| CVE-2012-2804 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width. | |||||
| CVE-2011-2161 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 4.3 MEDIUM | N/A |
| The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. | |||||
| CVE-2012-2796 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." | |||||
| CVE-2009-4637 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 10.0 HIGH | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. | |||||
| CVE-2013-2496 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 7.5 HIGH | N/A |
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. | |||||
| CVE-2012-0847 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. | |||||
| CVE-2011-3947 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2026-04-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. | |||||
| CVE-2010-4705 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 9.3 HIGH | N/A |
| Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. | |||||
| CVE-2012-2774 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-29 | 5.0 MEDIUM | N/A |
| The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state." | |||||