Search for packages
| purl | pkg:deb/debian/ffmpeg@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-198c-34qv-rqg3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-2097
|
| VCID-1bgd-eke7-3fhx | A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125015
|
| VCID-1pp8-ygjm-cbcm | Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable. |
CVE-2012-0855
|
| VCID-1vff-ss3h-gbay | Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access. |
CVE-2013-0855
|
| VCID-1wgj-dtu4-qkdf | ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. |
CVE-2024-55069
|
| VCID-224f-63ph-guft | several |
CVE-2013-0857
|
| VCID-22aj-15ec-dudu | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125003
|
| VCID-247k-szve-ckcs | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0878
|
| VCID-2fqf-58hb-a7a5 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. |
CVE-2025-25469
|
| VCID-2k2f-v66d-t3h3 | FFmpeg: Double-Free Vulnerability in FFmpeg TensorFlow DNN Backend |
CVE-2025-12343
|
| VCID-2nba-zbyx-eue3 | Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. |
CVE-2023-51791
|
| VCID-2nmm-nuw3-tbfj | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2022-3965
|
| VCID-2sq1-jdmd-bug1 | The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access. |
CVE-2013-0847
|
| VCID-31qj-hjbv-f7ec | libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. |
CVE-2018-12460
|
| VCID-3etm-sqyu-67fm | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. |
CVE-2024-36619
|
| VCID-44dk-aj5n-xbha | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2794
|
| VCID-4jvg-pcqe-5qh5 | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125018
|
| VCID-4wdw-3g3z-cfb1 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2789
|
| VCID-53qa-thf6-b7dt | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. |
CVE-2024-32229
|
| VCID-54bh-w7uz-zybm | The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. |
CVE-2011-1196
|
| VCID-57nj-y97s-9ybm | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0862
|
| VCID-5a5k-ncq2-mff2 | Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. |
CVE-2012-0847
|
| VCID-5mvh-utfm-6kd8 | FFmpeg: FFmpeg: Integer underflow in DHAV file header parsing leads to out-of-bounds read |
CVE-2025-59729
|
| VCID-5nx6-fzzv-y7hv | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0874
|
| VCID-5t4n-ymvt-dbht | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2799
|
| VCID-5wyh-x9v3-bke9 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3671
|
| VCID-616m-bsha-k3d9 | Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value. |
CVE-2012-0849
|
| VCID-6kcw-hqwg-sqhb | A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125004
|
| VCID-6t4h-5tr8-5fg9 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
CVE-2024-31585
|
| VCID-6vmv-ae1p-47c9 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2790
|
| VCID-7rvw-fdhh-vbb7 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. |
CVE-2025-25468
|
| VCID-7v23-u9nc-kkhs | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0852
|
| VCID-8753-typb-f3ay | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7024
|
| VCID-89vu-uh6a-2few | Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). |
CVE-2020-24995
|
| VCID-8h5z-6bc1-tuc3 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2774
|
| VCID-8s7h-pz8y-6qc6 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2787
|
| VCID-8u47-xxj7-2ue6 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2019-15942
|
| VCID-93pp-w2pk-4kaf | qffmpeg/ffmpeg-spice: DoS via vectors related to the rtp format in ffserver.c |
CVE-2012-6617
|
| VCID-9te6-anvj-2qfg | In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. |
CVE-2018-13305
|
| VCID-9yn3-5kba-f7az | The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow. |
CVE-2012-0854
|
| VCID-ahgr-hux1-gubh | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-4263
|
| VCID-aqyk-qq3p-3ugd | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3674
|
| VCID-at8g-nqpk-53bu | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7016
|
| VCID-axg9-tx5m-xufr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-4705
|
| VCID-aypg-u4ez-z3by | FFmpeg: FFmpeg: Use-after-free vulnerability in SANM decoding |
CVE-2025-59734
|
| VCID-btjr-xbv4-r3h4 | The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. |
CVE-2013-2276
|
| VCID-bv1x-tr6m-qke1 | Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-4868
|
| VCID-c1dd-bedv-jbem | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0851
|
| VCID-cbbs-m2hw-2kha | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2796
|
| VCID-cjw3-f4q3-vbek | several |
CVE-2013-7014
|
| VCID-cnfg-rbw5-1ybf | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. |
CVE-2024-31581
|
| VCID-cnnd-5z7a-5qen | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7022
|
| VCID-cqv2-myzu-pqfa | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125005
|
| VCID-crmy-twr2-zqg5 | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-5144
|
| VCID-ctp2-3k8k-wkez | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2786
|
| VCID-cv9h-u8a9-gqe9 | ffmpeg: FFmpeg: Double-free vulnerability in new_stream_audio function |
CVE-2024-35365
|
| VCID-cx7q-2vku-k7bx | Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c |
CVE-2023-47470
|
| VCID-d64g-97h2-1qcs | FFmpeg: FFmpeg: Heap-buffer-overflow in SANM (ANIM v0 variant) file frame decoding |
CVE-2025-59730
|
| VCID-dhym-628j-gyc9 | Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. |
CVE-2012-0856
|
| VCID-du4y-1xud-affq | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3937
|
| VCID-dxkt-5xbr-zbcw | FFmpeg: FFmpeg: Heap memory corruption when decoding OpenEXR files with DWAA/DWAB compression |
CVE-2025-59732
|
| VCID-e57q-2f8h-1yee | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2019-13312
|
| VCID-e7ak-ahr6-wfa5 | When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond. |
CVE-2025-59731
|
| VCID-ed68-9h9m-zqbx | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3935
|
| VCID-ehfg-vtjd-ayau | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3673
|
| VCID-eq2n-wmh3-yufh | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125011
|
| VCID-etr9-szca-nffm | several |
CVE-2013-0845
|
| VCID-f4j7-1cqh-xfh7 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-4264
|
| VCID-f83p-e1wa-wbah | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125013
|
| VCID-fn6w-m7ka-e3ex | The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. |
CVE-2012-0850
|
| VCID-fw45-nn58-8khp | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. |
CVE-2023-50007
|
| VCID-fxqx-4tbe-n3e6 | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 |
CVE-2022-2566
|
| VCID-gcbv-1cdm-g3gg | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. |
CVE-2017-7206
|
| VCID-gd9n-htmv-jbgy | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7013
|
| VCID-gfzm-92dd-bqfm | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. |
CVE-2024-31582
|
| VCID-grh1-jxmf-dqdv | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. |
CVE-2024-35369
|
| VCID-hcf3-x3kz-gkaz | FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. |
CVE-2025-25471
|
| VCID-hw9n-ge2h-dqc3 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. |
CVE-2024-22861
|
| VCID-j3u1-ar4c-zqce | The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access. |
CVE-2013-0859
|
| VCID-jk4d-w3n7-dbg4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2785
|
| VCID-jk8v-sy2r-nfer | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2802
|
| VCID-jrcs-sa3z-43du | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3945
|
| VCID-jyba-xwh6-kue5 | FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. |
CVE-2023-50009
|
| VCID-jzh8-angx-xyeg | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7012
|
| VCID-k3ns-gbt4-rff4 | FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. |
CVE-2025-25473
|
| VCID-k48w-9as5-mqav | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125019
|
| VCID-karv-6kgy-7kd9 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125022
|
| VCID-kg4f-nzsg-zqgt | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125024
|
| VCID-kzuj-fuh9-hfer | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9676
|
| VCID-m8hh-2aep-hugp | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0876
|
| VCID-mbs9-wuys-1fgn | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2021-30123
|
| VCID-mbv4-w231-yffe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7018
|
| VCID-mc9v-zn1h-r3cj | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0875
|
| VCID-mfaw-hutg-v7b4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2792
|
| VCID-mfx3-a4bq-zkhy | security update |
CVE-2022-4907
|
| VCID-mnzz-p8eh-z3bt | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0863
|
| VCID-mtm5-9hfk-2kee | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2795
|
| VCID-mwwt-hfwu-g7f5 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame |
CVE-2023-51797
|
| VCID-n9nv-xzef-7kgr | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125025
|
| VCID-nd7z-nbky-hyaz | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7008
|
| VCID-nfj6-kgxb-r7b4 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0864
|
| VCID-nfkv-qaft-5qay | A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125020
|
| VCID-ngbz-h2dc-m3hg | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3949
|
| VCID-ngry-9b2s-5kdg | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-5271
|
| VCID-nhhz-64fq-pqg2 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. |
CVE-2024-22860
|
| VCID-nq34-6xt6-u3g5 | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. |
CVE-2013-4358
|
| VCID-ns8d-144c-zqd5 | A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). |
CVE-2025-22920
|
| VCID-ntp8-x798-b7b4 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. |
CVE-2023-51796
|
| VCID-nuah-6bpn-m7bu | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. |
CVE-2023-49501
|
| VCID-nw7b-kwcm-6bbn | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame |
CVE-2023-51795
|
| VCID-nxsr-usgh-z3ah | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. |
CVE-2023-50008
|
| VCID-nzpy-ap16-w7a3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0877
|
| VCID-pjmc-zurg-wfdu | The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. |
CVE-2012-6615
|
| VCID-punc-9afs-kfeb | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125007
|
| VCID-q3wx-wbzs-zubf | A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125016
|
| VCID-q4yv-upxy-2bfx | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125014
|
| VCID-qf1v-9k1v-zqec | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7017
|
| VCID-qrwa-htte-6ygg | Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9990
|
| VCID-qz4c-h7t4-x3ft | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4352
|
| VCID-r3wj-dy7h-a7ep | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2793
|
| VCID-rbsk-pp6x-yfbu | A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. |
CVE-2014-125017
|
| VCID-rc6d-24r7-6ygd | Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. |
CVE-2020-24020
|
| VCID-rt66-ktnu-3qcq | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125012
|
| VCID-rv73-funm-8kba | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7023
|
| VCID-s89e-x3gb-n3cg | A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. |
CVE-2025-1373
|
| VCID-sj5b-sw93-sfer | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125023
|
| VCID-t46y-kzau-u3dv | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-1931
|
| VCID-t595-a685-k3c7 | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0848
|
| VCID-t7jf-1fk6-zqg6 | security update |
CVE-2016-7424
|
| VCID-t98z-5e9v-p7b8 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3950
|
| VCID-tcu8-mgdg-yqhh | An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg. |
CVE-2016-8710
|
| VCID-tedg-6nxj-vkbq | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7021
|
| VCID-tvr5-632n-cbc3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-2098
|
| VCID-u3g6-wkxn-7yhz | several |
CVE-2013-0853
|
| VCID-uakc-kpg5-2ug5 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
CVE-2023-49528
|
| VCID-upvk-tf2s-zub8 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. |
CVE-2024-22862
|
| VCID-uu1r-qfrz-9qes | several |
CVE-2013-0866
|
| VCID-v73v-5e7j-37hc | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2022-3964
|
| VCID-v9bs-9nth-1bck | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2021-33815
|
| VCID-vfs1-n4ps-v3e6 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3675
|
| VCID-vp1x-2g5t-6qca | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. |
CVE-2023-46407
|
| VCID-vw1c-wtjx-gbga | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125006
|
| VCID-w2hu-5u9a-kbdd | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. |
CVE-2014-2099
|
| VCID-w2vk-e1md-wkc9 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
CVE-2024-32228
|
| VCID-w82f-hvzm-dfhf | libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9995
|
| VCID-wa5g-9n96-tybv | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. |
CVE-2024-7272
|
| VCID-wasv-apuh-sfe3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0861
|
| VCID-wwm7-ynx4-qkea | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125021
|
| VCID-x3cd-px12-dyg3 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). |
CVE-2020-36138
|
| VCID-xh69-cs7h-wqb2 | A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue. |
CVE-2025-1816
|
| VCID-xnsb-a3tr-afgw | Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. |
CVE-2012-0857
|
| VCID-y3yu-shaa-jyh5 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125010
|
| VCID-y661-ec7j-x7hw | A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125008
|
| VCID-ymjg-a569-qfcy | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125002
|
| VCID-ynmq-9awx-3ugg | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125009
|
| VCID-yy7s-tjh6-6bfj | In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read. |
CVE-2017-5984
|
| VCID-yzaj-ekfv-uufb | The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. |
CVE-2012-6616
|
| VCID-yzge-s8kz-aufz | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7019
|
| VCID-z2w1-vp84-vkfy | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-4265
|
| VCID-z5gp-8z77-8uab | Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. |
CVE-2012-2882
|
| VCID-z9cg-s4wh-dkcj | Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. |
CVE-2011-4031
|
| VCID-zb99-r9jh-u7gs | FFmpeg: out-of-bounds read in RV60 video decoder |
CVE-2025-69693
|
| VCID-zbm2-997f-fubj | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. |
CVE-2013-0870
|
| VCID-zd2k-2pb2-y7gz | FFmpeg: FFmpeg: Buffer overflow in OpenEXR DWAA/DWAB decoding |
CVE-2025-59733
|
| VCID-zfws-4dmh-z3d3 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. |
CVE-2015-5479
|
| VCID-zpnd-4ep5-sbg8 | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. |
CVE-2017-7859
|
| VCID-ztct-23kh-5baa | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0872
|