Ffmpeg

ffmpeg

Vendor: Ffmpeg • 480 CVEs

CVEs (480)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-9316 1Ffmpeg 1Ffmpeg May 6, 2026 Dec 9, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly hav...Show more The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.Show less
CVE-2014-8549 1Ffmpeg 1Ffmpeg May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impa...Show more libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.Show less
CVE-2014-8548 2Canonical Ffmpeg 2Ffmpeg Ubuntu Linux May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) v...Show more Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.Show less
CVE-2014-8547 2Canonical Ffmpeg 2Ffmpeg Ubuntu Linux May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted...Show more libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.Show less
CVE-2014-8546 1Ffmpeg 1Ffmpeg May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
CVE-2014-8545 1Ffmpeg 1Ffmpeg May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or po...Show more libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.Show less
CVE-2014-8544 2Canonical Ffmpeg 2Ffmpeg Ubuntu Linux May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via c...Show more libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.Show less
CVE-2014-8543 2Canonical Ffmpeg 2Ffmpeg Ubuntu Linux May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly...Show more libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.Show less
CVE-2014-8542 3Canonical DebianFfmpeg 3Debian Linux FfmpegUbuntu Linux May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other imp...Show more libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.Show less
CVE-2014-8541 2Canonical Ffmpeg 2Ffmpeg Ubuntu Linux May 6, 2026 Nov 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial o...Show more libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.Show less
CVE-2014-5272 1Ffmpeg 1Ffmpeg May 6, 2026 Nov 3, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array a...Show more libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.Show less
CVE-2014-5271 2Ffmpeg Libav 2Ffmpeg Libav May 6, 2026 Nov 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers...Show more Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.Show less
CVE-2014-2099 1Ffmpeg 1Ffmpeg Apr 29, 2026 Mar 2, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly hav...Show more The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.Show less
CVE-2014-2098 1Ffmpeg 1Ffmpeg Apr 29, 2026 Mar 2, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifi...Show more libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.Show less
CVE-2014-2097 1Ffmpeg 1Ffmpeg Apr 29, 2026 Mar 2, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array acce...Show more The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.Show less
CVE-2014-2263 1Ffmpeg 1Ffmpeg Apr 29, 2026 Mar 1, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an...Show more The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.Show less
CVE-2012-6618 1Ffmpeg 1Ffmpeg Apr 29, 2026 Dec 24, 2013 N/A· v4 N/A· v3 2.6 LOW· v2 The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly...Show more The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."Show less
CVE-2012-6617 1Ffmpeg 1Ffmpeg Apr 29, 2026 Dec 24, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
CVE-2012-6616 1Ffmpeg 1Ffmpeg Apr 29, 2026 Dec 24, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
CVE-2012-6615 1Ffmpeg 1Ffmpeg Apr 29, 2026 Dec 24, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.

Previous 1...151617...24 Next