Filtered by vendor Ffmpeg
Subscribe
Total
428 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-02 | N/A | 9.8 CRITICAL |
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | |||||
CVE-2024-22861 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-02 | N/A | 7.5 HIGH |
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | |||||
CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-02 | N/A | 9.8 CRITICAL |
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | |||||
CVE-2023-46407 | 1 Ffmpeg | 1 Ffmpeg | 2024-01-30 | N/A | 5.5 MEDIUM |
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | |||||
CVE-2022-48434 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-23 | N/A | 8.1 HIGH |
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). | |||||
CVE-2022-3965 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-23 | N/A | 8.1 HIGH |
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | |||||
CVE-2022-3964 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-23 | N/A | 8.1 HIGH |
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | |||||
CVE-2022-1475 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-23 | 4.3 MEDIUM | 5.5 MEDIUM |
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | |||||
CVE-2021-38291 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-23 | 5.0 MEDIUM | 7.5 HIGH |
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | |||||
CVE-2021-38171 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-23 | 7.5 HIGH | 9.8 CRITICAL |
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | |||||
CVE-2021-33815 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-23 | 6.8 MEDIUM | 8.8 HIGH |
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | |||||
CVE-2023-47470 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | N/A | 7.8 HIGH |
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | |||||
CVE-2020-36138 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | |||||
CVE-2021-28429 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | N/A | 5.5 MEDIUM |
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | |||||
CVE-2022-3109 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | |||||
CVE-2022-3341 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | N/A | 5.3 MEDIUM |
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | |||||
CVE-2022-2566 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | N/A | 7.8 HIGH |
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | |||||
CVE-2014-125018 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
CVE-2014-125012 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
CVE-2014-125009 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |