Total
476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10256 | 1 Ffmpeg | 1 Ffmpeg | 2026-02-26 | N/A | 5.3 MEDIUM |
| A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service. | |||||
| CVE-2025-12343 | 1 Ffmpeg | 1 Ffmpeg | 2026-02-26 | N/A | 3.3 LOW |
| A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions. | |||||
| CVE-2025-25468 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-29 | N/A | 6.5 MEDIUM |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | |||||
| CVE-2025-25469 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-29 | N/A | 6.5 MEDIUM |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | |||||
| CVE-2025-22921 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2026-01-12 | N/A | 6.5 MEDIUM |
| FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | |||||
| CVE-2023-51791 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
| Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. | |||||
| CVE-2023-51793 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. | |||||
| CVE-2023-51795 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame | |||||
| CVE-2023-51796 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 3.6 LOW |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. | |||||
| CVE-2023-51797 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 6.7 MEDIUM |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame | |||||
| CVE-2023-51798 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. | |||||
| CVE-2023-51794 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | |||||
| CVE-2025-63757 | 1 Ffmpeg | 1 Ffmpeg | 2025-12-30 | N/A | 7.5 HIGH |
| Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0. | |||||
| CVE-2024-31582 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 7.8 HIGH |
| FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | |||||
| CVE-2024-31581 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 9.8 CRITICAL |
| FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. | |||||
| CVE-2024-31578 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 7.5 HIGH |
| FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | |||||
| CVE-2023-49528 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | |||||
| CVE-2023-49502 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. | |||||
| CVE-2023-49501 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. | |||||
| CVE-2024-7055 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | |||||