Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ffmpeg Subscribe
Total 420 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5361 1 Ffmpeg 1 Ffmpeg 2018-02-08 6.8 MEDIUM 7.8 HIGH
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.
CVE-2015-1208 1 Ffmpeg 1 Ffmpeg 2018-01-30 4.3 MEDIUM 5.5 MEDIUM
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
CVE-2017-9608 1 Ffmpeg 1 Ffmpeg 2018-01-17 4.3 MEDIUM 6.5 MEDIUM
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
CVE-2017-15186 1 Ffmpeg 1 Ffmpeg 2017-11-28 4.3 MEDIUM 6.5 MEDIUM
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.
CVE-2015-8365 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2017-11-03 6.8 MEDIUM N/A
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.
CVE-2017-14225 1 Ffmpeg 1 Ffmpeg 2017-11-03 6.8 MEDIUM 8.8 HIGH
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
CVE-2013-0870 1 Ffmpeg 1 Ffmpeg 2017-09-04 7.5 HIGH 9.8 CRITICAL
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
CVE-2012-2805 1 Ffmpeg 1 Ffmpeg 2017-08-31 5.0 MEDIUM 7.5 HIGH
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.
CVE-2014-2263 1 Ffmpeg 1 Ffmpeg 2017-08-28 6.8 MEDIUM N/A
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.
CVE-2012-0848 1 Ffmpeg 1 Ffmpeg 2017-08-28 4.3 MEDIUM N/A
Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count."
CVE-2012-0852 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2017-08-28 6.8 MEDIUM N/A
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.
CVE-2012-0851 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2017-08-28 6.8 MEDIUM N/A
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.
CVE-2012-0859 1 Ffmpeg 1 Ffmpeg 2017-08-28 6.8 MEDIUM N/A
The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.
CVE-2012-2778 1 Ffmpeg 1 Ffmpeg 2017-08-16 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
CVE-2012-2773 1 Ffmpeg 1 Ffmpeg 2017-08-16 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
CVE-2012-2781 1 Ffmpeg 1 Ffmpeg 2017-08-16 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
CVE-2012-2780 1 Ffmpeg 1 Ffmpeg 2017-08-16 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
CVE-2016-2839 3 Ffmpeg, Linux, Mozilla 4 Ffmpeg, Linux Kernel, Firefox and 1 more 2017-08-15 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2008-4867 2 Ffmpeg, Mplayer 2 Ffmpeg, Mplayer 2017-08-07 10.0 HIGH N/A
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.
CVE-2008-4869 2 Ffmpeg, Mplayer 2 Ffmpeg, Mplayer 2017-08-07 10.0 HIGH N/A
FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."