Vulnerabilities (CVE)

Filtered by vendor Ffmpeg Subscribe
Total 430 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7502 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 7.8 HIGH
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
CVE-2016-7450 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 7.8 HIGH
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
CVE-2016-7122 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.
CVE-2016-6920 1 Ffmpeg 1 Ffmpeg 2024-11-21 5.0 MEDIUM 7.5 HIGH
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.
CVE-2016-6881 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
CVE-2016-6671 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 7.8 HIGH
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
CVE-2016-6164 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
CVE-2016-3062 4 Debian, Ffmpeg, Libav and 1 more 4 Debian Linux, Ffmpeg, Libav and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
CVE-2016-2839 3 Ffmpeg, Linux, Mozilla 3 Ffmpeg, Linux Kernel, Firefox 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2016-2330 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.
CVE-2016-2329 2 Ffmpeg, Opensuse 2 Ffmpeg, Leap 2024-11-21 6.8 MEDIUM 8.8 HIGH
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.
CVE-2016-2328 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.
CVE-2016-2327 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.
CVE-2016-2326 3 Canonical, Debian, Ffmpeg 3 Ubuntu Linux, Debian Linux, Ffmpeg 2024-11-21 6.8 MEDIUM 8.8 HIGH
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.
CVE-2016-2213 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
CVE-2016-1898 3 Canonical, Ffmpeg, Opensuse 3 Ubuntu Linux, Ffmpeg, Leap 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
CVE-2016-1897 3 Canonical, Ffmpeg, Opensuse 3 Ubuntu Linux, Ffmpeg, Leap 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
CVE-2016-10192 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
CVE-2016-10191 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
CVE-2016-10190 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.