Search for packages
| purl | pkg:deb/debian/ffmpeg@7:3.2.5-1~bpo8%2B1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-126a-h1j8-37be
Aliases: CVE-2020-22019 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-132s-5ca1-ekge
Aliases: CVE-2020-22031 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-1ene-uw7y-hyh7
Aliases: CVE-2020-22039 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. |
Affected by 21 other vulnerabilities. |
|
VCID-1kt8-snqa-5ygv
Aliases: CVE-2023-6602 |
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. |
Affected by 7 other vulnerabilities. |
|
VCID-1naj-ejg3-vucx
Aliases: CVE-2020-20445 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-1ppb-hsn1-rfb4
Aliases: CVE-2017-14171 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-1vbq-3ve8-dbdr
Aliases: CVE-2025-7700 |
FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) |
Affected by 7 other vulnerabilities. |
|
VCID-2843-dc35-wqb1
Aliases: CVE-2020-13904 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-2f5v-efwu-zkf2
Aliases: CVE-2017-14054 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-2h78-8pyd-bkd7
Aliases: CVE-2021-38093 |
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
Affected by 21 other vulnerabilities. |
|
VCID-2r5v-2n11-u3c3
Aliases: CVE-2020-22021 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-2xa8-jpbu-nfgw
Aliases: CVE-2019-11338 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-2y4c-3nny-3ybc
Aliases: CVE-2020-22049 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-2y9j-sdhe-t3fv
Aliases: CVE-2018-1999014 |
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. |
Affected by 100 other vulnerabilities. |
|
VCID-2zp5-1mhj-xba8
Aliases: CVE-2018-10001 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-2zqc-psx1-r7gt
Aliases: CVE-2017-14059 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-352p-mxyy-k3bu
Aliases: CVE-2025-22921 |
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3frq-jdkb-gbe3
Aliases: CVE-2018-7751 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 100 other vulnerabilities. |
|
VCID-3h4v-tpz1-nkc8
Aliases: CVE-2019-11339 |
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. |
Affected by 100 other vulnerabilities. |
|
VCID-3kuu-9ct2-ufff
Aliases: CVE-2020-21688 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-3rut-euq4-nye9
Aliases: CVE-2021-38090 |
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
Affected by 21 other vulnerabilities. |
|
VCID-3uu6-gewn-puhh
Aliases: CVE-2021-38171 |
Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-3vdw-3jtz-yqcu
Aliases: CVE-2017-9608 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-44fr-brhn-3ba5
Aliases: CVE-2018-1999015 |
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. |
Affected by 100 other vulnerabilities. |
|
VCID-4dbn-zqcg-sqed
Aliases: CVE-2020-22036 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-4mv3-944q-43av
Aliases: CVE-2020-22034 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-4p7u-gbbg-8qec
Aliases: CVE-2020-20892 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-4rx9-wv92-mbds
Aliases: CVE-2017-15672 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-53q2-pjmd-yudm
Aliases: CVE-2017-11719 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-54sp-9tsa-jkfv
Aliases: CVE-2017-14225 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-55tz-e6th-bqhd
Aliases: CVE-2020-14212 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
Affected by 21 other vulnerabilities. |
|
VCID-5d1q-u8kw-gyce
Aliases: CVE-2024-32230 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-5tcy-5qh1-tfds
Aliases: CVE-2020-20453 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-5uzy-vv1e-pffa
Aliases: CVE-2020-22033 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-5w7b-tky9-5kdw
Aliases: CVE-2023-51798 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-5zpv-11eu-67em
Aliases: CVE-2020-22017 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-64rv-4d7p-f7ae
Aliases: CVE-2018-13304 |
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. |
Affected by 100 other vulnerabilities. |
|
VCID-69c5-czpf-ubbt
Aliases: CVE-2020-20448 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-6cw6-yt4s-fygb
Aliases: CVE-2017-14170 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-6v9u-fg54-vkdq
Aliases: CVE-2022-1475 |
Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
Affected by 21 other vulnerabilities. |
|
VCID-74cw-4jws-53en
Aliases: CVE-2024-36616 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-7661-8gpd-7yab
Aliases: CVE-2020-22048 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. |
Affected by 21 other vulnerabilities. |
|
VCID-77c1-h4ns-zkdg
Aliases: CVE-2018-13301 |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 100 other vulnerabilities. |
|
VCID-7jm3-3pr8-r3dm
Aliases: CVE-2017-17081 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-7kmr-r2hd-dfap
Aliases: CVE-2023-6603 |
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. |
Affected by 7 other vulnerabilities. |
|
VCID-7skv-51zg-8qfh
Aliases: CVE-2023-51793 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-83hg-szmj-d3f2
Aliases: CVE-2020-21697 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-8pzz-vgxw-xqcv
Aliases: CVE-2018-13302 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-8sef-te24-d3gw
Aliases: CVE-2018-15822 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-8yan-7qec-57ac
Aliases: CVE-2020-35965 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-9vgp-smu2-nfdb
Aliases: CVE-2018-12459 |
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 100 other vulnerabilities. |
|
VCID-9w52-r33d-aygp
Aliases: CVE-2018-9841 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 100 other vulnerabilities. |
|
VCID-a1vj-7z31-fff2
Aliases: CVE-2019-17542 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-a4se-yrg5-dqgc
Aliases: CVE-2020-22024 |
Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. |
Affected by 21 other vulnerabilities. |
|
VCID-aa2u-md78-pkdg
Aliases: CVE-2017-14056 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-aj2n-gz1w-gbaw
Aliases: CVE-2020-22044 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. |
Affected by 21 other vulnerabilities. |
|
VCID-azt6-p94b-4ke8
Aliases: CVE-2021-38114 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-b1zp-uw35-hyen
Aliases: CVE-2020-22041 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. |
Affected by 21 other vulnerabilities. |
|
VCID-bjzd-xs1q-tkas
Aliases: CVE-2021-3566 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-bu85-sac7-z7ba
Aliases: CVE-2018-13300 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-c499-qvu1-x3h6
Aliases: CVE-2018-6621 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-cjef-ggd6-tugx
Aliases: CVE-2020-22027 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-cpnk-whs1-6kg7
Aliases: CVE-2025-1594 |
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
Affected by 7 other vulnerabilities. |
|
VCID-cqnh-jcnf-cuh1
Aliases: CVE-2018-14394 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-cwdm-78q3-r7ch
Aliases: CVE-2020-35964 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
Affected by 21 other vulnerabilities. |
|
VCID-d9xn-zb4d-7ubd
Aliases: CVE-2017-14058 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-dbxj-ayf9-cuad
Aliases: CVE-2024-36617 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-deye-6fud-bkf1
Aliases: CVE-2020-22026 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-dkhw-evaq-xuc8
Aliases: CVE-2020-22042 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-dx4t-wzh9-tbfn
Aliases: CVE-2017-14169 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-dy2j-at4k-7qdn
Aliases: CVE-2018-1999013 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-e9kf-tzg8-9bht
Aliases: CVE-2024-36615 |
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. |
Affected by 7 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-egw2-6put-7bce
Aliases: CVE-2017-11399 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-ehxu-n6zn-h7be
Aliases: CVE-2020-22051 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. |
Affected by 21 other vulnerabilities. |
|
VCID-eyf7-r7m9-jfhm
Aliases: CVE-2019-13390 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-f3jf-6qya-nuht
Aliases: CVE-2017-9996 |
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 150 other vulnerabilities. |
|
VCID-f7vs-mmvn-huf9
Aliases: CVE-2023-50010 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-fqzc-ggz9-gbd5
Aliases: CVE-2024-7055 |
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. |
Affected by 7 other vulnerabilities. |
|
VCID-fw43-1pdc-kugv
Aliases: CVE-2017-11665 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-fzc3-fc7s-9kdj
Aliases: CVE-2018-6392 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-g1ag-ugcm-zudw
Aliases: CVE-2020-22016 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-g1y7-hq4d-6ya7
Aliases: CVE-2017-14767 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-g2v8-4pvp-kbhy
Aliases: CVE-2021-38091 |
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
Affected by 21 other vulnerabilities. |
|
VCID-g4te-h48e-fyeu
Aliases: CVE-2020-22054 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-gwet-989h-3fhz
Aliases: CVE-2024-36618 |
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
Affected by 7 other vulnerabilities. |
|
VCID-gztp-4964-3fe2
Aliases: CVE-2018-7557 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-h9pf-cucf-tqe6
Aliases: CVE-2019-17539 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-hd6u-9x7x-mke8
Aliases: CVE-2023-6605 |
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. |
Affected by 7 other vulnerabilities. |
|
VCID-hert-vku8-1ydd
Aliases: CVE-2023-51794 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-hng1-rpw3-sqby
Aliases: CVE-2018-1999011 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-hp2q-hjkw-m7dq
Aliases: CVE-2022-3109 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-hs6k-vw8x-7kcb
Aliases: CVE-2020-22056 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. |
Affected by 21 other vulnerabilities. |
|
VCID-hy8h-fhaj-jbew
Aliases: CVE-2022-48434 |
Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
Affected by 21 other vulnerabilities. |
|
VCID-j1u7-chw5-7ybd
Aliases: CVE-2020-22040 |
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. |
Affected by 21 other vulnerabilities. |
|
VCID-j5ns-nbc5-9qgs
Aliases: CVE-2017-14222 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-j716-3n1b-huhv
Aliases: CVE-2020-22028 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-ju23-jjm4-1yd6
Aliases: CVE-2020-22030 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-jx57-jbtz-efe7
Aliases: CVE-2020-23906 |
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. |
Affected by 21 other vulnerabilities. |
|
VCID-k14h-eek4-s3cv
Aliases: CVE-2025-22919 |
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
Affected by 7 other vulnerabilities. |
|
VCID-kcjw-jy65-hfge
Aliases: CVE-2023-6604 |
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. |
Affected by 7 other vulnerabilities. |
|
VCID-kkgc-yhse-d3ga
Aliases: CVE-2017-15186 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-m3u1-zn19-k3dy
Aliases: CVE-2024-35367 |
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer |
Affected by 7 other vulnerabilities. |
|
VCID-m827-r499-xubz
Aliases: CVE-2024-35368 |
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
Affected by 7 other vulnerabilities. |
|
VCID-mynq-m5p7-uqex
Aliases: CVE-2017-14055 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-n417-8xsr-nuhx
Aliases: CVE-2017-9991 |
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 150 other vulnerabilities. |
|
VCID-n82x-n8d1-4khs
Aliases: CVE-2017-9993 |
security update |
Affected by 150 other vulnerabilities. |
|
VCID-n9qa-r9nt-fyc8
Aliases: CVE-2025-9951 |
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. |
Affected by 7 other vulnerabilities. |
|
VCID-npwb-djcp-67aw
Aliases: CVE-2020-22025 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-ns98-tu4j-sfd5
Aliases: CVE-2024-31578 |
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
Affected by 7 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-nzna-uxam-jbgb
Aliases: CVE-2019-1000016 |
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. |
Affected by 100 other vulnerabilities. |
|
VCID-p7c5-vwxs-j3cs
Aliases: CVE-2017-14223 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-p9ep-x7mj-dbg8
Aliases: CVE-2020-20898 |
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
Affected by 21 other vulnerabilities. |
|
VCID-pa11-k8vb-zuc2
Aliases: CVE-2020-22037 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-pqw1-1ty8-mucj
Aliases: CVE-2022-3341 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-pyw4-6cjy-6ken
Aliases: CVE-2017-9992 |
security update |
Affected by 150 other vulnerabilities. |
|
VCID-q7zf-nut2-tfan
Aliases: CVE-2021-38094 |
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
Affected by 21 other vulnerabilities. |
|
VCID-qgbj-eex5-27c3
Aliases: CVE-2020-22020 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-qr7y-vmc2-8qce
Aliases: CVE-2023-49502 |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
Affected by 7 other vulnerabilities. |
|
VCID-qwnc-76hk-33fa
Aliases: CVE-2018-1999012 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-r8ym-8wau-dyej
Aliases: CVE-2020-22032 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-rfby-3dun-rqf9
Aliases: CVE-2025-63757 |
ffmpeg: FFmpeg: Integer overflow vulnerability leads to Denial of Service |
Affected by 7 other vulnerabilities. |
|
VCID-s1dr-ve2r-rbbu
Aliases: DSA-5268-1 ffmpeg |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-s5r5-ux5c-xbft
Aliases: CVE-2020-20891 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-s85w-tanp-77hb
Aliases: CVE-2020-20451 |
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. |
Affected by 21 other vulnerabilities. |
|
VCID-s8cb-95ne-bkgg
Aliases: CVE-2020-22035 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-scwk-yz1c-f3hg
Aliases: CVE-2018-13303 |
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Affected by 100 other vulnerabilities. |
|
VCID-sfw9-8qxf-wfd3
Aliases: CVE-2021-28429 |
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. |
Affected by 21 other vulnerabilities. |
|
VCID-spq1-m6bg-y3f4
Aliases: CVE-2020-22023 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-tadx-3e5r-s3eh
Aliases: CVE-2024-36613 |
ffmpeg: FFmpeg: Integer overflow in DXA demuxer leads to denial of service |
Affected by 21 other vulnerabilities. |
|
VCID-tdnn-qfmc-wufa
Aliases: CVE-2018-12458 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-tjjt-y2km-5ka6
Aliases: CVE-2020-22046 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. |
Affected by 21 other vulnerabilities. |
|
VCID-tpwr-paas-nyhk
Aliases: CVE-2020-21041 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-tv52-u3ru-7uc1
Aliases: CVE-2021-38092 |
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
Affected by 21 other vulnerabilities. |
|
VCID-tw9p-14dv-qfd1
Aliases: CVE-2020-20450 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-u45n-rr9s-ffah
Aliases: CVE-2025-0518 |
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Â https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman |
Affected by 7 other vulnerabilities. |
|
VCID-u9w6-aeku-akav
Aliases: CVE-2017-9994 |
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
Affected by 150 other vulnerabilities. |
|
VCID-ua27-1zcs-xffy
Aliases: CVE-2019-12730 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-ukcq-2rd1-2fdc
Aliases: CVE-2020-22029 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-v4b7-ptzf-47bt
Aliases: CVE-2020-20896 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-vrnc-cyyg-3yfb
Aliases: CVE-2018-14395 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-w85w-xyf2-kucn
Aliases: CVE-2020-22022 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-wn9q-ycnn-7kg5
Aliases: CVE-2020-20446 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-wrb6-w8ps-uuge
Aliases: CVE-2025-10256 |
ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) |
Affected by 7 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-xnz9-udka-nufz
Aliases: CVE-2018-1999010 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-xr1x-p5ve-j7au
Aliases: CVE-2020-22043 |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. |
Affected by 21 other vulnerabilities. |
|
VCID-yava-v7c8-tkd8
Aliases: CVE-2020-20902 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-yjhh-upyt-qkht
Aliases: CVE-2024-35366 |
security update |
Affected by 21 other vulnerabilities. |
|
VCID-ykuh-4kyy-yyft
Aliases: CVE-2021-38291 |
Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-ymxh-d75c-xyec
Aliases: CVE-2018-6912 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 100 other vulnerabilities. |
|
VCID-ywtw-jynv-nyce
Aliases: CVE-2017-14057 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-yyre-ybbu-8be4
Aliases: CVE-2020-12284 |
Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-yzhm-254s-5ygd
Aliases: CVE-2019-9718 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-zcky-jf6f-zbas
Aliases: CVE-2020-22015 |
security update |
Affected by 100 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-zm5h-d795-nqgp
Aliases: CVE-2017-16840 |
security update |
Affected by 150 other vulnerabilities. Affected by 100 other vulnerabilities. |
|
VCID-zy4a-ax4q-5qb9
Aliases: CVE-2019-9721 |
ffmpeg: complex format argument in handle_open_brace in libavcodec/htmlsubtitles.c causing denial of service |
Affected by 100 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1228-m28x-bkbm | Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. |
CVE-2008-4610
|
| VCID-1xuu-f8z5-rych | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. |
CVE-2017-7866
|
| VCID-2bcj-d5ej-r3hr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3929
|
| VCID-2p8s-rj1c-k3fs | Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. |
CVE-2014-7933
|
| VCID-2r8m-jabw-pqcs | ffmpeg: av_lzo1x_decode() integer overflow |
CVE-2014-4610
|
| VCID-2w9w-wdmc-2kba | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2788
|
| VCID-36nu-w1cf-nyfv | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2779
|
| VCID-3b6p-c2ka-a3dv | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
CVE-2016-8595
|
| VCID-3nks-wkaa-87ab | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2783
|
| VCID-3skg-xr5m-wuhe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-1898
|
| VCID-3st2-cqk2-dbbc | security update |
CVE-2014-8544
|
| VCID-3w4h-ej87-2bak | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0853
|
| VCID-3xfg-3hms-eufb | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. |
CVE-2016-6671
|
| VCID-42bs-g677-syav | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. |
CVE-2015-6821
|
| VCID-46j1-56b7-h7e5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4351
|
| VCID-4e7p-eq3e-2ydq | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3952
|
| VCID-4gty-uet7-9qh1 | several |
CVE-2013-0854
|
| VCID-51s3-7aca-uudb | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. |
CVE-2016-10191
|
| VCID-5dyh-e4qk-8bc9 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8541
|
| VCID-5ecw-gxq8-afeu | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7009
|
| VCID-6h3b-1zee-bkbu | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3893
|
| VCID-6ve2-44rx-a7f3 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2777
|
| VCID-763d-t7yg-z3a6 | The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. |
CVE-2013-2496
|
| VCID-76n3-ajwb-jye4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2780
|
| VCID-7cv2-w5ns-pqbd | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-5199
|
| VCID-7fth-gbd9-pbgq | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-0947
|
| VCID-7ftk-cmhs-6kha | Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. |
CVE-2016-6164
|
| VCID-7gm5-dzcy-7ue1 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. |
CVE-2012-5361
|
| VCID-7udv-1hxe-uqgv | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0867
|
| VCID-7zah-3c5m-wygh | security update |
CVE-2015-8365
|
| VCID-836z-kedn-4qbp | The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. |
CVE-2012-0859
|
| VCID-84zv-2dtm-v7ev | In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. |
CVE-2017-1000460
|
| VCID-896h-63ya-bkdx | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. |
CVE-2015-8363
|
| VCID-8e6g-myzr-f3cs | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3940
|
| VCID-8w5z-ed96-tyh5 | several |
CVE-2013-0850
|
| VCID-8yeg-3zzb-bbax | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0852
|
| VCID-915s-xb5w-v7d3 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3936
|
| VCID-9db5-5fb2-qub4 | Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. |
CVE-2017-7862
|
| VCID-9h1t-cteg-4bdr | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0860
|
| VCID-9mc9-25cy-5kdk | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-5272
|
| VCID-ac79-f3hy-qkbq | The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. |
CVE-2011-2160
|
| VCID-aud3-7f5k-2ffs | The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. |
CVE-2015-6825
|
| VCID-ayqf-v7b1-ekc4 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7555
|
| VCID-b32a-qp1q-hfhv | Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. |
CVE-2011-0480
|
| VCID-b3z7-f6ef-8uev | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2778
|
| VCID-b76q-cxeh-kyab | Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. |
CVE-2015-3395
|
| VCID-b7qy-3n8b-akb3 | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. |
CVE-2015-8364
|
| VCID-c9as-jnrv-1uca | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-4704
|
| VCID-cba6-ptd9-37bj | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3944
|
| VCID-e2as-em33-afb9 | security update |
CVE-2012-6618
|
| VCID-e6e4-4hr7-skdu | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. |
CVE-2015-1207
|
| VCID-e9kd-fpkm-2qhe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8549
|
| VCID-e9un-j31b-rug8 | security update |
CVE-2014-8547
|
| VCID-ehgf-99d2-uyeh | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7502
|
| VCID-ez11-ffk4-n3bv | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. |
CVE-2017-7865
|
| VCID-fqxy-s1w8-nkds | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4364
|
| VCID-fy4j-u18p-83f5 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7905
|
| VCID-gb6n-8hj8-6qeb | The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. |
CVE-2015-8661
|
| VCID-gqfr-j8ju-73fh | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7562
|
| VCID-gv1x-4yk7-eucv | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
CVE-2015-8216
|
| VCID-h3q7-zqpz-kbgn | Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. |
CVE-2016-3062
|
| VCID-hehw-7bnw-buff | Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. |
CVE-2015-3417
|
| VCID-hjnb-4g3n-kkft | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
CVE-2015-8662
|
| VCID-hjsy-nr8t-u7fr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2784
|
| VCID-htpg-54z4-kqce | several |
CVE-2013-7015
|
| VCID-hynf-a613-ckg7 | FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. |
CVE-2011-0723
|
| VCID-hzzb-1gcc-wkhn | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3974
|
| VCID-j1gj-mw7k-2ub9 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2213
|
| VCID-j2uh-c55d-kfb7 | The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. |
CVE-2013-2277
|
| VCID-j4y8-r6rr-aqeb | The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. |
CVE-2011-2161
|
| VCID-jb5a-yed1-cuc7 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2771
|
| VCID-jrpc-5n1u-dygq | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7450
|
| VCID-k2w1-zaf6-bbfb | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2772
|
| VCID-k42r-3hax-dqcy | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
CVE-2015-8219
|
| VCID-kajv-5scj-uqcd | Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
CVE-2016-7393
|
| VCID-kybt-qj87-zkfw | The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed." |
CVE-2011-4579
|
| VCID-kzw2-53c2-r7fe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0873
|
| VCID-m93p-kqye-6ycz | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8546
|
| VCID-mep9-2hjj-2ucj | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. |
CVE-2015-6822
|
| VCID-mfbv-npxq-fbb7 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7122
|
| VCID-mjdt-dmjx-rbas | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4639
|
| VCID-mn41-aeh8-n3bk | The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. |
CVE-2015-1872
|
| VCID-n8eq-zjwh-6qhb | several |
CVE-2013-7010
|
| VCID-nb1j-bc2k-sbgj | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. |
CVE-2015-8217
|
| VCID-nmaj-ujqe-fbaq | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
CVE-2016-9561
|
| VCID-nuzx-58sb-pkfz | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3362
|
| VCID-pcfe-vcem-2uga | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0858
|
| VCID-pdez-6yzf-rqaa | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4353
|
| VCID-peqq-9hfy-v7bj | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. |
CVE-2017-7863
|
| VCID-q7ne-62wb-vkcu | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. |
CVE-2015-8663
|
| VCID-qd3m-aace-gqfh | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9603
|
| VCID-qjr2-mtbt-fbh7 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2805
|
| VCID-qk64-d9qt-syea | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. |
CVE-2013-0856
|
| VCID-qkwe-mvp8-dyhb | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2803
|
| VCID-qm31-4jjc-wqcp | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2776
|
| VCID-qpzc-7m5j-ebfr | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9602
|
| VCID-qu7n-8fzd-n7dq | Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
CVE-2015-6819
|
| VCID-qvqs-e1hv-dqgz | several |
CVE-2013-0849
|
| VCID-r1a7-gy73-tqaz | The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. |
CVE-2011-3504
|
| VCID-r3a8-buwe-8uep | security update |
CVE-2013-7020
|
| VCID-rk7u-49nq-nucf | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3947
|
| VCID-rp3h-1w1e-guhf | Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." |
CVE-2011-2162
|
| VCID-s6un-h6n8-wbha | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3946
|
| VCID-sqmy-qruf-v3bc | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2797
|
| VCID-su7a-a1v1-r7hp | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2013-0894
|
| VCID-svh2-rvdu-1fcf | Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. |
CVE-2014-7937
|
| VCID-t2ac-vqpz-vfem | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3672
|
| VCID-t4xz-phzk-47fk | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8542
|
| VCID-t5mw-tdwm-xugw | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2012-5150
|
| VCID-t7b1-zmhg-47ff | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. |
CVE-2015-6818
|
| VCID-tcug-g6aa-9uhv | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-1897
|
| VCID-te22-6sy1-abds | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0848
|
| VCID-te7d-jfk4-tyg6 | several |
CVE-2013-0858
|
| VCID-tf92-az5w-qkg6 | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0868
|
| VCID-tkyv-udaa-3yf2 | Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. |
CVE-2015-1208
|
| VCID-tq6b-6p47-93d5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2804
|
| VCID-tsrj-t3se-2fbw | Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
CVE-2016-10190
|
| VCID-tyw3-z3f8-83ek | libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. |
CVE-2017-9051
|
| VCID-u29q-aauu-1ubg | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3951
|
| VCID-u3s8-mvze-pkbb | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. |
CVE-2015-8218
|
| VCID-ud3h-b3k7-dkd3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7785
|
| VCID-uet3-fnhy-eybr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3670
|
| VCID-ufg8-5jjv-ryb2 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7011
|
| VCID-ujdm-ubfw-57bs | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. |
CVE-2016-6881
|
| VCID-ujgq-e44n-8fhp | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0851
|
| VCID-uq63-1f7v-xbc3 | security update |
CVE-2014-2263
|
| VCID-uqjr-dxqx-2ka6 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3895
|
| VCID-v3b6-vny7-wubx | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2781
|
| VCID-v5z3-q4pd-9qc8 | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. |
CVE-2016-6920
|
| VCID-vam6-cseq-7uag | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. |
CVE-2012-5360
|
| VCID-vka8-kexr-g7ej | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. |
CVE-2016-10192
|
| VCID-vq2m-rgkr-efcf | several |
CVE-2013-0844
|
| VCID-vqrb-wyeh-gyhv | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2015-6761
|
| VCID-vzb3-czne-nya8 | several |
CVE-2013-0865
|
| VCID-vzz4-bdcx-mqhm | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3941
|
| VCID-wa31-6v3y-qygt | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-3908
|
| VCID-wcwp-zq2f-9fap | security update |
CVE-2014-8543
|
| VCID-weuz-9gje-xyea | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3973
|
| VCID-wpwh-kftw-vyhp | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2017-5024
|
| VCID-wvzg-agjg-a7f1 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2775
|
| VCID-wxyc-g5yx-rqcv | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2773
|
| VCID-xba6-4hat-7yaz | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. |
CVE-2012-5359
|
| VCID-xhd6-cw8u-ubd7 | The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. |
CVE-2015-6824
|
| VCID-xnhs-ez8z-nka2 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. |
CVE-2015-6820
|
| VCID-xq5b-uuhn-bqd4 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. |
CVE-2015-6826
|
| VCID-xy54-2jvp-63c1 | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2011-3892
|
| VCID-yn5k-rnty-u3d6 | security update |
CVE-2014-9604
|
| VCID-ysu4-93vf-q7gp | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2017-5025
|
| VCID-ytp9-b3ub-dbbw | security update |
CVE-2014-8548
|
| VCID-yzqd-t4b6-7yhc | The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. |
CVE-2015-6823
|
| VCID-z3bp-s1zs-guhs | There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. |
CVE-2017-11684
|
| VCID-zd31-hza6-6ka5 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. |
CVE-2011-0722
|
| VCID-zfz3-8m91-r3hr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2801
|
| VCID-zjrs-4mu3-8ucd | The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header. |
CVE-2013-2495
|
| VCID-zpk3-uqa9-fyeu | The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. |
CVE-2013-0869
|
| VCID-zrjt-up2x-tuej | several |
CVE-2013-0846
|
| VCID-zrxf-ckzt-wyf5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3934
|
| VCID-zunv-c43k-2kfy | Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. |
CVE-2017-16803
|
| VCID-zw3e-43n5-hqaf | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8545
|