threatengine.sh
Product
libav
108 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-8586
<= 12.3
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binar
3.3
LOW
CVE-2025-8585
<= 12.3
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main
5.3
MEDIUM
CVE-2025-8584
<= 12.3
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_
3.3
LOW
CVE-2020-18778
all versions
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause den
6.5
MEDIUM
CVE-2020-18776
all versions
In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-se
6.5
MEDIUM
CVE-2020-18775
all versions
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause den
6.5
MEDIUM
CVE-2014-4609
< 0.8.13
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows r
8.8
HIGH
CVE-2019-9720
<= 12.3
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file
6.5
MEDIUM
CVE-2019-9719
<= 12.3
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file
8.8
HIGH
CVE-2019-9717
<= 12.3
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska fo
6.5
MEDIUM
CVE-2019-14443
all versions
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to
6.5
MEDIUM
CVE-2019-14442
all versions
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100
6.5
MEDIUM
CVE-2019-14441
all versions
An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash
6.5
MEDIUM
CVE-2019-14372
all versions
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
6.5
MEDIUM
CVE-2019-14371
all versions
An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related
6.5
MEDIUM
CVE-2017-5984
all versions
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.
6.5
MEDIUM
CVE-2018-20001
all versions
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavc
6.5
MEDIUM
CVE-2018-19130
all versions
In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denia
6.5
MEDIUM
CVE-2018-19129
all versions
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_templ
6.5
MEDIUM
CVE-2018-19128
all versions
In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause deni
6.5
MEDIUM
CVE-2018-18829
all versions
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a
6.5
MEDIUM
CVE-2018-18828
all versions
There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause
6.5
MEDIUM
CVE-2018-18827
all versions
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denia
6.5
MEDIUM
CVE-2018-18826
all versions
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a
6.5
MEDIUM
CVE-2018-11224
all versions
An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remot
6.5
MEDIUM
CVE-2018-11102
all versions
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attack
7.5
HIGH
CVE-2017-18247
all versions
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL
6.5
MEDIUM
CVE-2017-18246
all versions
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based b
6.5
MEDIUM
CVE-2017-18245
all versions
The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffe
6.5
MEDIUM
CVE-2017-18244
all versions
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bo
6.5
MEDIUM
CVE-2017-18243
all versions
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (se
6.5
MEDIUM
CVE-2017-18242
all versions
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (o
6.5
MEDIUM
CVE-2018-5766
<= 12.2
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could l
8.8
HIGH
CVE-2018-5684
<= 12.2
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attac
8.8
HIGH
CVE-2017-1000460
all versions
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_b
6.5
MEDIUM
CVE-2017-17130
all versions
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service
8.8
HIGH
CVE-2017-17129
all versions
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segm
8.8
HIGH
CVE-2017-17128
all versions
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmen
6.5
MEDIUM
CVE-2017-17127
all versions
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL poin
6.5
MEDIUM
CVE-2017-16803
<= 11.11
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict
7.5
HIGH
CVE-2017-11684
all versions
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote de
7.5
HIGH
CVE-2017-9987
all versions
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to
7.5
HIGH
CVE-2017-9051
<= 12.0
libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in l
9.8
CRITICAL
CVE-2017-7208
all versions
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) o
7.1
HIGH
CVE-2017-7206
all versions
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based bu
7.1
HIGH
CVE-2016-9826
all versions
libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shif
5.5
MEDIUM
CVE-2016-9825
all versions
libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of
5.5
MEDIUM
CVE-2016-9824
all versions
Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a craf
5.5
MEDIUM
CVE-2016-9823
all versions
libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
5.5
MEDIUM
CVE-2016-9822
all versions
Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafte
5.5
MEDIUM
CVE-2016-9821
all versions
Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a
5.5
MEDIUM
CVE-2016-9820
all versions
libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving lef
5.5
MEDIUM
CVE-2016-9819
all versions
libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift
5.5
MEDIUM
CVE-2016-8676
<= 11.8
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference a
5.5
MEDIUM
CVE-2016-8675
<= 11.8
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer derefe
5.5
MEDIUM
CVE-2016-7499
all versions
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero erro
5.5
MEDIUM
CVE-2016-7477
all versions
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid
5.5
MEDIUM
CVE-2016-7393
<= 11.4
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denia
5.5
MEDIUM
CVE-2016-6832
<= 11.3
Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a
5.5
MEDIUM
CVE-2016-7424
<= 11.7
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial
5.5
MEDIUM
CVE-2016-3062
<= 11.6
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a den
8.8
HIGH
CVE-2015-5479
<= 11.4
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of servi
6.5
MEDIUM
CVE-2015-3395
<= 10.6
The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.1
CVE-2014-5271
<= 10.4
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2
CVE-2014-3984
<= 0.8.11
Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.
CVE-2011-3937
all versions
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, a
CVE-2012-5144
all versions
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, whic
CVE-2012-2804
all versions
Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack
CVE-2012-2803
all versions
Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0
CVE-2012-2802
all versions
Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8
CVE-2012-2801
all versions
Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unkn
CVE-2012-2800
all versions
Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.
CVE-2012-2798
all versions
Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and
CVE-2012-2797
all versions
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x b
CVE-2012-2796
all versions
Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8
CVE-2012-2794
all versions
Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.
CVE-2012-2793
all versions
Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x
CVE-2012-2791
all versions
Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_
CVE-2012-2790
all versions
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before
CVE-2012-2789
all versions
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.
CVE-2012-2788
all versions
Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.
CVE-2012-2787
all versions
Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 h
CVE-2012-2786
all versions
Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and
CVE-2012-2784
all versions
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 a
CVE-2012-2783
all versions
Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unk
CVE-2012-2779
all versions
Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7
CVE-2012-2777
all versions
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 a
CVE-2012-2776
all versions
Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8
CVE-2012-2775
all versions
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before
CVE-2012-2772
all versions
Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before
CVE-2011-4579
all versions
The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7
CVE-2011-4364
all versions
Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0
CVE-2011-4353
all versions
The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before
CVE-2011-4352
all versions
Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0
CVE-2011-3945
all versions
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and
CVE-2012-0947
all versions
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.
CVE-2012-0858
all versions
The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9
CVE-2012-0853
all versions
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0
CVE-2012-0852
all versions
The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.
CVE-2012-0851
all versions
The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0
CVE-2011-3952
all versions
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x
CVE-2011-3951
all versions
The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
CVE-2011-3947
all versions
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.
CVE-2011-3940
all versions
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6,
CVE-2011-3936
all versions
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9,
CVE-2011-3929
all versions
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x befor
CVE-2011-3362
<= 0.7.1
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before
CVE-2011-1931
<= 0.6.2
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC m
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin