ffmpeg · threatengine.sh

CVE-2026-40962

< 8.1

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavfo

4.9MEDIUM

CVE-2026-30999

<= 8.0.1

A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) v

7.5HIGH

CVE-2026-30998

<= 8.0.1

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to

7.5HIGH

CVE-2026-30997

<= 8.0.1

An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denia

7.5HIGH

CVE-2025-69693

all versions

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation a

5.4MEDIUM

CVE-2025-12343

>= 6.1 and < 8.1

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn

3.3LOW

CVE-2025-10256

>= 3.2 and < 8.0

A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing

5.3MEDIUM

CVE-2025-63757

all versions

Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

7.5HIGH

CVE-2024-55069

all versions

ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.

5.3MEDIUM

CVE-2025-1594

<= 7.1

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns

6.3MEDIUM

CVE-2025-25469

< 2025-01-13

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.

6.5MEDIUM

CVE-2025-25468

< 2025-01-13

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.

6.5MEDIUM

CVE-2025-22921

all versions

FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000de

6.5MEDIUM

CVE-2025-1373

<= 7.1

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_t

3.3LOW

CVE-2025-0518

all versions

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vuln

5.3MEDIUM

CVE-2023-6605

>= 2.0 and <= 6.0

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of

7.2HIGH

CVE-2023-6604

>= 2.0 and <= 6.0

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading

5.3MEDIUM

CVE-2023-6601

>= 2.0 and <= 6.0

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrar

4.7MEDIUM

CVE-2024-36613

all versions

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resu

6.2MEDIUM

CVE-2024-35365

all versions

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within th

8.8HIGH

CVE-2023-6603

>= 2.0 and <= 6.0

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS pla

7.5HIGH

CVE-2023-6602

>= 2.0 and <= 6.0

A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-com

5.3MEDIUM

CVE-2024-35368

all versions

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

9.8CRITICAL

CVE-2024-35367

all versions

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

9.1CRITICAL

CVE-2024-35366

all versions

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat modul

9.1CRITICAL

CVE-2024-36616

all versions

An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in

6.5MEDIUM

CVE-2024-36615

all versions

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters wer

5.9MEDIUM

CVE-2024-36618

all versions

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially

6.2MEDIUM

CVE-2024-36617

< 3.4.14

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

6.2MEDIUM

CVE-2024-36619

all versions

FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handli

5.3MEDIUM

CVE-2024-35369

all versions

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insu

5.5MEDIUM

CVE-2024-7272

< 5.1.6

A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of th

6.3MEDIUM

CVE-2024-7055

< 4.3.8

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in

6.3MEDIUM

CVE-2024-32230

all versions

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_inpu

7.8HIGH

CVE-2024-32229

all versions

FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.

8.4HIGH

CVE-2024-32228

all versions

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.

6.6MEDIUM

CVE-2023-51794

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

7.8HIGH

CVE-2023-51798

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating poi

7.8HIGH

CVE-2023-51797

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

6.7MEDIUM

CVE-2023-51796

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

3.6LOW

CVE-2023-51795

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

8.0HIGH

CVE-2023-51793

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/

7.8HIGH

CVE-2023-51791

all versions

Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec

7.8HIGH

CVE-2023-50010

>= 6.1 and < 7.0

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_en

7.8HIGH

CVE-2023-50009

>= 6.1 and < 7.0

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c

8.0HIGH

CVE-2023-50008

>= 6.1 and < 7.0

FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/m

7.8HIGH

CVE-2023-50007

>= 6.1 and < 7.0

FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence functi

4.0MEDIUM

CVE-2023-49502

>= 6.1 and < 7.0

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_fi

8.8HIGH

CVE-2023-49501

all versions

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_o

8.0HIGH

CVE-2024-31585

>= 5.1 and < 7.0

FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vu

5.3MEDIUM

CVE-2024-31582

>= 6.1 and < 7.0

FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfi

7.8HIGH

CVE-2024-31581

all versions

FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_te

9.8CRITICAL

CVE-2024-31578

< 7.0

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

7.5HIGH

CVE-2023-49528

all versions

Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a

8.0HIGH

CVE-2024-22861

all versions

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq modu

7.5HIGH

CVE-2024-22862

all versions

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.

9.8CRITICAL

CVE-2024-22860

all versions

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_p

9.8CRITICAL

CVE-2023-47470

all versions

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to

7.8HIGH

CVE-2023-46407

all versions

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist-alphabet_size variable in the read_vlc_p

5.5MEDIUM

CVE-2021-28429

all versions

Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers

5.5MEDIUM

CVE-2020-36138

all versions

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of s

7.5HIGH

CVE-2022-48434

< 5.1.2

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads

8.1HIGH

CVE-2022-3341

< 5.0.3

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The fla

5.3MEDIUM

CVE-2022-3109

< 5.0.3

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_ma

7.5HIGH

CVE-2022-3965

>= 5.0 and < 5.0.3

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the fi

4.3MEDIUM

CVE-2022-3964

>= 4.4 and < 4.4.4

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c

4.3MEDIUM

CVE-2022-2566

all versions

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in build_open_gop_key_points() goes t

9.0CRITICAL

CVE-2014-125025

all versions

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation

5.3MEDIUM

CVE-2014-125024

all versions

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. T

7.3HIGH

CVE-2014-125023

all versions

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truem

5.3MEDIUM

CVE-2014-125022

all versions

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of t

5.3MEDIUM

CVE-2014-125021

all versions

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The man

5.3MEDIUM

CVE-2014-125020

all versions

A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thr

7.3HIGH

CVE-2014-125019

all versions

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the co

5.3MEDIUM

CVE-2014-125018

all versions

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_

5.3MEDIUM

CVE-2014-125017

all versions

A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The ma

7.3HIGH

CVE-2014-125016

all versions

A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of

5.3MEDIUM

CVE-2014-125015

all versions

A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulatio

7.3HIGH

CVE-2014-125014

all versions

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of t

5.3MEDIUM

CVE-2014-125013

all versions

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the f

5.3MEDIUM

CVE-2014-125012

all versions

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavc

5.3MEDIUM

CVE-2014-125011

all versions

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decod

5.3MEDIUM

CVE-2014-125010

all versions

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header

5.3MEDIUM

CVE-2014-125009

all versions

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcode

5.3MEDIUM

CVE-2014-125008

all versions

A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavfo

5.3MEDIUM

CVE-2014-125007

all versions

A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of th

5.3MEDIUM

CVE-2014-125006

all versions

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_

5.3MEDIUM

CVE-2014-125005

all versions

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the

5.3MEDIUM

CVE-2014-125004

all versions

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile

5.3MEDIUM

CVE-2014-125003

all versions

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavco

5.3MEDIUM

CVE-2014-125002

all versions

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file

5.3MEDIUM

CVE-2022-1475

>= 4.2 and < 4.4.2

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_p

5.5MEDIUM

CVE-2020-23906

all versions

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verifi

5.5MEDIUM

CVE-2021-38094

all versions

Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause

8.8HIGH

CVE-2021-38093

all versions

Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to caus

8.8HIGH

CVE-2021-38092

all versions

Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cau

8.8HIGH

CVE-2021-38091

all versions

Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cau

8.8HIGH

CVE-2021-38090

all versions

Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to c

8.8HIGH

CVE-2020-20902

all versions

A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computa

6.5MEDIUM

CVE-2020-20898

all versions

Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to c

8.8HIGH

CVE-2020-20896

all versions

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial

8.8HIGH

CVE-2020-20892

all versions

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a D

8.8HIGH

CVE-2020-20891

all versions

Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Deni

8.8HIGH

CVE-2021-38171

all versions

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary s

9.8CRITICAL

CVE-2021-38291

< 4.1.7

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathemat

7.5HIGH

CVE-2020-21697

all versions

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of ser

6.5MEDIUM

CVE-2020-21688

all versions

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

8.8HIGH

CVE-2021-3566

< 4.3

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconc

5.5MEDIUM

CVE-2021-38114

all versions

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.

5.5MEDIUM

CVE-2021-33815

all versions

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.

8.8HIGH

CVE-2020-22056

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.

6.5MEDIUM

CVE-2020-22054

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.

6.5MEDIUM

CVE-2020-22051

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

6.5MEDIUM

CVE-2020-22049

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

6.5MEDIUM

CVE-2020-22048

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.

6.5MEDIUM

CVE-2020-22046

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/f

6.5MEDIUM

CVE-2020-22044

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavform

6.5MEDIUM

CVE-2020-22043

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.

6.5MEDIUM

CVE-2020-22042

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts

6.5MEDIUM

CVE-2020-22041

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffer

6.5MEDIUM

CVE-2020-22040

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.

6.5MEDIUM

CVE-2020-22039

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.

6.5MEDIUM

CVE-2020-22038

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m

6.5MEDIUM

CVE-2020-22037

all versions

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.

6.5MEDIUM

CVE-2020-22036

all versions

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to mem

8.8HIGH

CVE-2020-22035

all versions

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to mem

8.8HIGH

CVE-2020-22034

all versions

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption

8.8HIGH

CVE-2020-22033

all versions

A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let

6.5MEDIUM

CVE-2020-22032

all versions

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to

8.8HIGH

CVE-2020-22027

all versions

A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memo

8.8HIGH

CVE-2020-22025

all versions

A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corr

8.8HIGH

CVE-2020-22023

all versions

A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might le

8.8HIGH

CVE-2020-22022

all versions

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead t

8.8HIGH

CVE-2020-22017

all versions

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead

8.8HIGH

CVE-2020-22016

all versions

A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to mem

8.8HIGH

CVE-2020-22031

all versions

A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might le

8.8HIGH

CVE-2020-22030

all versions

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might l

8.8HIGH

CVE-2020-22029

all versions

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which

8.8HIGH

CVE-2020-22028

all versions

Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote

6.5MEDIUM

CVE-2020-22026

all versions

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a rem

6.5MEDIUM

CVE-2020-22024

all versions

Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote ma

6.5MEDIUM

CVE-2020-22021

all versions

Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious

6.5MEDIUM

CVE-2020-22020

all versions

Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remot

6.5MEDIUM

CVE-2020-22019

all versions

Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malici

6.5MEDIUM

CVE-2020-22015

all versions

Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could l

8.8HIGH

CVE-2020-24020

all versions

Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a

8.8HIGH

CVE-2020-20453

all versions

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial o

6.5MEDIUM

CVE-2020-20451

all versions

Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.

7.5HIGH

CVE-2020-20450

all versions

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Serv

7.5HIGH

CVE-2020-20448

all versions

FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a D

6.5MEDIUM

CVE-2020-20446

all versions

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial o

6.5MEDIUM

CVE-2020-20445

all versions

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of S

6.5MEDIUM

CVE-2020-21041

all versions

Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote mali

7.5HIGH

CVE-2021-30123

all versions

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

8.8HIGH

CVE-2020-24995

all versions

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute ar

7.8HIGH

CVE-2020-35965

>= 4.3.1 and < 4.4

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform m

7.5HIGH

CVE-2020-35964

all versions

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

6.5MEDIUM

CVE-2020-14212

>= 4.3 and < 4.3.1

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff

8.8HIGH

CVE-2020-13904

all versions

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.

5.5MEDIUM

CVE-2020-12284

all versions

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS h

9.8CRITICAL

CVE-2014-4610

< 0.10.14

Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0

8.8HIGH

CVE-2019-17542

< 2.8.16

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in lib

9.8CRITICAL

CVE-2019-17539

< 3.4.7

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact

9.8CRITICAL

CVE-2019-15942

<= 4.2

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer

8.8HIGH

CVE-2019-13390

all versions

In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.

6.5MEDIUM

CVE-2019-13312

all versions

block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.

8.8HIGH

CVE-2019-12730

< 3.2.14

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequen

9.8CRITICAL

CVE-2019-11339

>= 4.0 and < 4.0.4

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers t

8.8HIGH

CVE-2019-11338

all versions

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to caus

8.8HIGH

CVE-2019-9721

all versions

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matr

6.5MEDIUM

CVE-2019-9718

all versions

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Mat

6.5MEDIUM

CVE-2019-1000016

all versions

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in

6.5MEDIUM

CVE-2018-15822

<= 2.8

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to a

7.5HIGH

CVE-2018-1999015

<= 4.0.1

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer

6.5MEDIUM

CVE-2018-1999014

<= 4.0.1

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer

6.5MEDIUM

CVE-2018-1999013

<= 4.0.1

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer tha

6.5MEDIUM

CVE-2018-1999012

<= 4.0.1

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxe

6.5MEDIUM

CVE-2018-1999011

<= 4.0.1

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer tha

8.8HIGH

CVE-2018-1999010

< 3.4.3

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms pro

9.8CRITICAL

CVE-2018-14395

all versions

libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-b

6.5MEDIUM

CVE-2018-14394

< 4.0.2

libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by

6.5MEDIUM

CVE-2018-13305

all versions

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavco

8.1HIGH

CVE-2018-13304

all versions

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in lib

6.5MEDIUM

CVE-2018-13303

all versions

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/a

6.5MEDIUM

CVE-2018-13302

all versions

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substrea

8.8HIGH

CVE-2018-13301

all versions

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libav

6.5MEDIUM

CVE-2018-13300

all versions

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3

8.1HIGH

CVE-2018-12460

all versions

libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a c

6.5MEDIUM

CVE-2018-12459

all versions

An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 m

6.5MEDIUM

CVE-2018-12458

all versions

An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger a

6.5MEDIUM

CVE-2018-7751

<= 3.4.2

The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infi

6.5MEDIUM

CVE-2018-10001

<= 3.4.2

The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (

6.5MEDIUM

CVE-2018-9841

<= 3.4.2

The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (ou

8.8HIGH

CVE-2018-7557

>= 2.8 and <= 3.4.2

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of servi

6.5MEDIUM

CVE-2018-6912

<= 3.4.2

The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service

6.5MEDIUM

CVE-2012-5360

< 0.11

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.

8.8HIGH

CVE-2012-5359

< 0.11

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.

8.8HIGH

CVE-2018-6621

<= 3.2

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (o

6.5MEDIUM

CVE-2018-6392

<= 3.4.1

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of servi

6.5MEDIUM

CVE-2015-1208

< 2.4.6

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain s

5.5MEDIUM

CVE-2017-1000460

all versions

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_b

6.5MEDIUM

CVE-2017-9608

< 3.2.6

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointe

6.5MEDIUM

CVE-2017-17555

all versions

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, a

6.5MEDIUM

CVE-2017-17081

all versions

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which a

6.5MEDIUM

CVE-2017-16840

all versions

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read)

9.8CRITICAL

CVE-2017-15672

<= 3.3.4

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unsp

8.8HIGH

CVE-2017-15186

<= 3.3.4

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

6.5MEDIUM

CVE-2017-14767

<= 3.3.3

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets

8.8HIGH

CVE-2017-14225

all versions

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contain

8.8HIGH

CVE-2017-14223

all versions

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause

6.5MEDIUM

CVE-2017-14222

all versions

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memo

6.5MEDIUM

CVE-2017-14171

all versions

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might

6.5MEDIUM

CVE-2017-14170

all versions

In libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check mig

6.5MEDIUM

CVE-2017-14169

all versions

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, an integer signedness error might occur when a

8.8HIGH

CVE-2017-14059

all versions

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a craft

6.5MEDIUM

CVE-2017-14058

all versions

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, w

6.5MEDIUM

CVE-2017-14057

all versions

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.

6.5MEDIUM

CVE-2017-14056

all versions

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU an

6.5MEDIUM

CVE-2017-14055

all versions

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU a

6.5MEDIUM

CVE-2017-14054

all versions

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU

6.5MEDIUM

CVE-2013-0870

all versions

The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.

9.8CRITICAL

CVE-2012-2805

all versions

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.

7.5HIGH

CVE-2012-2781

<= 0.10.0