Vulnerabilities (CVE)

Filtered by vendor Ffmpeg Subscribe
Total 430 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9995 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 7.8 HIGH
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9994 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 6.8 MEDIUM 7.8 HIGH
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.
CVE-2017-9993 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 5.0 MEDIUM 7.5 HIGH
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
CVE-2017-9992 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9991 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9990 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9608 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
CVE-2017-7866 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
CVE-2017-7865 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
CVE-2017-7863 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
CVE-2017-7862 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
CVE-2017-7859 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
CVE-2017-17555 2 Aubio, Ffmpeg 3 Aubio, Ffmpeg, Libswresample 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
CVE-2017-17081 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
CVE-2017-16840 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
CVE-2017-15672 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
CVE-2017-15186 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.
CVE-2017-14767 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
CVE-2017-14225 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
CVE-2017-14223 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.1 HIGH 6.5 MEDIUM
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.