VulnerableCode Package Details - pkg:deb/debian/ffmpeg@7:4.0.2-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2y9j-sdhe-t3fv	FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.	CVE-2018-1999014
VCID-44fr-brhn-3ba5	FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.	CVE-2018-1999015
VCID-64rv-4d7p-f7ae	In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.	CVE-2018-13304
VCID-77c1-h4ns-zkdg	In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.	CVE-2018-13301
VCID-cqnh-jcnf-cuh1	security update	CVE-2018-14394
VCID-dy2j-at4k-7qdn	security update	CVE-2018-1999013
VCID-hng1-rpw3-sqby	security update	CVE-2018-1999011
VCID-qwnc-76hk-33fa	security update	CVE-2018-1999012
VCID-scwk-yz1c-f3hg	In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.	CVE-2018-13303
VCID-vrnc-cyyg-3yfb	security update	CVE-2018-14395
VCID-xnz9-udka-nufz	security update	CVE-2018-1999010

Vulnerability

Summary

Aliases

VCID-2y9j-sdhe-t3fv

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

CVE-2018-1999014

VCID-44fr-brhn-3ba5

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.

CVE-2018-1999015

VCID-64rv-4d7p-f7ae

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

CVE-2018-13304

VCID-77c1-h4ns-zkdg

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVE-2018-13301

VCID-cqnh-jcnf-cuh1

security update

CVE-2018-14394

VCID-dy2j-at4k-7qdn

security update

CVE-2018-1999013

VCID-hng1-rpw3-sqby

security update

CVE-2018-1999011

VCID-qwnc-76hk-33fa

security update

CVE-2018-1999012

VCID-scwk-yz1c-f3hg

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVE-2018-13303

VCID-vrnc-cyyg-3yfb

security update

CVE-2018-14395

VCID-xnz9-udka-nufz

security update

CVE-2018-1999010

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:18:39.154742+00:00	Debian Importer	Fixing	VCID-hng1-rpw3-sqby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:03:02.498569+00:00	Debian Importer	Fixing	VCID-44fr-brhn-3ba5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:47:51.491699+00:00	Debian Importer	Fixing	VCID-scwk-yz1c-f3hg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:40:21.607610+00:00	Debian Importer	Fixing	VCID-xnz9-udka-nufz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:38:23.216334+00:00	Debian Importer	Fixing	VCID-vrnc-cyyg-3yfb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:32:44.714091+00:00	Debian Importer	Fixing	VCID-2y9j-sdhe-t3fv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:12:23.188332+00:00	Debian Importer	Fixing	VCID-cqnh-jcnf-cuh1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:49:59.177348+00:00	Debian Importer	Fixing	VCID-qwnc-76hk-33fa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:27:00.441783+00:00	Debian Importer	Fixing	VCID-dy2j-at4k-7qdn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:13:07.873203+00:00	Debian Importer	Fixing	VCID-77c1-h4ns-zkdg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:45:51.190229+00:00	Debian Importer	Fixing	VCID-64rv-4d7p-f7ae	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:10:13.592961+00:00	Debian Importer	Fixing	VCID-hng1-rpw3-sqby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:58:16.514677+00:00	Debian Importer	Fixing	VCID-44fr-brhn-3ba5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:46:43.591854+00:00	Debian Importer	Fixing	VCID-scwk-yz1c-f3hg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:57:09.019075+00:00	Debian Importer	Fixing	VCID-xnz9-udka-nufz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:11:33.088676+00:00	Debian Importer	Fixing	VCID-vrnc-cyyg-3yfb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:07:12.585621+00:00	Debian Importer	Fixing	VCID-2y9j-sdhe-t3fv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:40.061115+00:00	Debian Importer	Fixing	VCID-cqnh-jcnf-cuh1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:34:18.567672+00:00	Debian Importer	Fixing	VCID-qwnc-76hk-33fa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:18:17.040024+00:00	Debian Importer	Fixing	VCID-dy2j-at4k-7qdn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:10:02.903911+00:00	Debian Importer	Fixing	VCID-77c1-h4ns-zkdg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:53:15.415697+00:00	Debian Importer	Fixing	VCID-64rv-4d7p-f7ae	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:18:04.002887+00:00	Debian Importer	Fixing	VCID-hng1-rpw3-sqby	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:09.992580+00:00	Debian Importer	Fixing	VCID-44fr-brhn-3ba5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:13.090180+00:00	Debian Importer	Fixing	VCID-scwk-yz1c-f3hg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:23.212354+00:00	Debian Importer	Fixing	VCID-xnz9-udka-nufz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:53.495188+00:00	Debian Importer	Fixing	VCID-vrnc-cyyg-3yfb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:30.312816+00:00	Debian Importer	Fixing	VCID-2y9j-sdhe-t3fv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:18.847281+00:00	Debian Importer	Fixing	VCID-cqnh-jcnf-cuh1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:06.232658+00:00	Debian Importer	Fixing	VCID-qwnc-76hk-33fa	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:55.976463+00:00	Debian Importer	Fixing	VCID-dy2j-at4k-7qdn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:14.798718+00:00	Debian Importer	Fixing	VCID-77c1-h4ns-zkdg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:02:37.780390+00:00	Debian Importer	Fixing	VCID-64rv-4d7p-f7ae	https://security-tracker.debian.org/tracker/data/json	38.1.0