Filtered by vendor Ffmpeg
Subscribe
Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63757 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 7.5 HIGH |
| Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0. | |||||
| CVE-2025-25469 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.5 MEDIUM |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | |||||
| CVE-2025-25468 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.5 MEDIUM |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. | |||||
| CVE-2025-22921 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2026-06-17 | N/A | 6.5 MEDIUM |
| FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | |||||
| CVE-2025-1594 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1373 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-12343 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 3.3 LOW |
| A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions. | |||||
| CVE-2025-10256 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 5.3 MEDIUM |
| A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service. | |||||
| CVE-2025-0518 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 5.3 MEDIUM |
| Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | |||||
| CVE-2024-7272 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-7055 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | |||||
| CVE-2024-55069 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 5.3 MEDIUM |
| ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. | |||||
| CVE-2024-36619 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 5.3 MEDIUM |
| FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | |||||
| CVE-2024-36618 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.2 MEDIUM |
| FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | |||||
| CVE-2024-36617 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.2 MEDIUM |
| FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | |||||
| CVE-2024-36616 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.5 MEDIUM |
| An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | |||||
| CVE-2024-36615 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 5.9 MEDIUM |
| FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | |||||
| CVE-2024-36613 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.2 MEDIUM |
| FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | |||||
| CVE-2024-35369 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 5.5 MEDIUM |
| In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. | |||||
| CVE-2024-35368 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 9.8 CRITICAL |
| FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | |||||