VulnerableCode Package Details - pkg:apk/alpine/ffmpeg@3.2.5-r0?arch=x86&distroversion=v3.6&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-f3jf-6qya-nuht	The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.	CVE-2017-9996
VCID-n417-8xsr-nuhx	Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.	CVE-2017-9991
VCID-pyw4-6cjy-6ken	security update	CVE-2017-9992
VCID-u9w6-aeku-akav	libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.	CVE-2017-9994

Vulnerability

Summary

Aliases

VCID-f3jf-6qya-nuht

The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

CVE-2017-9996

VCID-n417-8xsr-nuhx

Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

CVE-2017-9991

VCID-pyw4-6cjy-6ken

security update

CVE-2017-9992

VCID-u9w6-aeku-akav

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-9994

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T04:55:10.941760+00:00	Alpine Linux Importer	Fixing	VCID-n417-8xsr-nuhx	https://secdb.alpinelinux.org/v3.6/main.json	38.1.0
2026-04-06T04:52:18.563737+00:00	Alpine Linux Importer	Fixing	VCID-f3jf-6qya-nuht	https://secdb.alpinelinux.org/v3.6/main.json	38.1.0
2026-04-03T17:48:51.566437+00:00	Alpine Linux Importer	Fixing	VCID-u9w6-aeku-akav	https://secdb.alpinelinux.org/v3.6/main.json	38.1.0
2026-04-01T19:31:56.596348+00:00	Alpine Linux Importer	Fixing	VCID-pyw4-6cjy-6ken	https://secdb.alpinelinux.org/v3.6/main.json	38.0.0