Ffmpeg

ffmpeg

Vendor: Ffmpeg • 480 CVEs

CVEs (480)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-0870 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 28, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
CVE-2012-2805 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.
CVE-2012-2781 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 9, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
CVE-2012-2780 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 9, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
CVE-2012-2778 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 9, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
CVE-2012-2773 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 9, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
CVE-2012-2771 1Ffmpeg 1Ffmpeg May 13, 2026 Aug 9, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
CVE-2017-11719 1Ffmpeg 1Ffmpeg May 13, 2026 Jul 28, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNx...Show more The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.Show less
CVE-2017-11665 1Ffmpeg 1Ffmpeg May 13, 2026 Jul 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
CVE-2017-11399 1Ffmpeg 1Ffmpeg May 13, 2026 Jul 17, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspe...Show more Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.Show less
CVE-2017-9996 1Ffmpeg 1Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remot...Show more The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-9995 1Ffmpeg 1Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly hav...Show more libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-9994 2Debian Ffmpeg 2Debian Linux Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of servic...Show more libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.Show less
CVE-2017-9993 2Debian Ffmpeg 2Debian Linux Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrar...Show more FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.Show less
CVE-2017-9992 2Debian Ffmpeg 2Debian Linux Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a de...Show more Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-9991 1Ffmpeg 1Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to ca...Show more Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-9990 1Ffmpeg 1Ffmpeg May 13, 2026 Jun 28, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified oth...Show more Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-7866 1Ffmpeg 1Ffmpeg May 13, 2026 Apr 14, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
CVE-2017-7865 2Debian Ffmpeg 2Debian Linux Ffmpeg May 13, 2026 Apr 14, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function...Show more FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.Show less
CVE-2017-7863 2Debian Ffmpeg 2Debian Linux Ffmpeg May 13, 2026 Apr 14, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.

Previous 1...111213...24 Next