Total
419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22051 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. | |||||
| CVE-2020-22056 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | |||||
| CVE-2020-22024 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | |||||
| CVE-2020-24020 | 1 Ffmpeg | 1 Ffmpeg | 2021-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-20448 | 1 Ffmpeg | 1 Ffmpeg | 2021-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | |||||
| CVE-2020-24995 | 1 Ffmpeg | 1 Ffmpeg | 2021-04-02 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). | |||||
| CVE-2018-6621 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | |||||
| CVE-2018-12458 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2018-14395 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | |||||
| CVE-2017-16840 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | |||||
| CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | |||||
| CVE-2017-14171 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-05 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | |||||
| CVE-2017-11719 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | |||||
| CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | |||||
| CVE-2017-14170 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | |||||
| CVE-2018-13300 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 5.8 MEDIUM | 8.1 HIGH |
| In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | |||||
| CVE-2017-15672 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | |||||
| CVE-2017-14058 | 1 Ffmpeg | 1 Ffmpeg | 2020-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2011-4031 | 1 Ffmpeg | 1 Ffmpeg | 2020-12-16 | 6.8 MEDIUM | N/A |
| Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. | |||||