| purl | pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1kt8-snqa-5ygv | A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | CVE-2023-6602 |
| VCID-1vbq-3ve8-dbdr | FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) | CVE-2025-7700 |
| VCID-dxkt-5xbr-zbcw | FFmpeg: Heap memory corruption when decoding OpenEXR files with DWAA/DWAB compression | CVE-2025-59732 |
| VCID-e7ak-ahr6-wfa5 | When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond. | CVE-2025-59731 |
| VCID-fw45-nn58-8khp | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. | CVE-2023-50007 |
| VCID-gfzm-92dd-bqfm | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | CVE-2024-31582 |
| VCID-hd6u-9x7x-mke8 | A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | CVE-2023-6605 |
| VCID-k14h-eek4-s3cv | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. | CVE-2025-22919 |
| VCID-kcjw-jy65-hfge | A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | CVE-2023-6604 |
| VCID-m3u1-zn19-k3dy | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | CVE-2024-35367 |
| VCID-m827-r499-xubz | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | CVE-2024-35368 |
| VCID-n9qa-r9nt-fyc8 | A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. | CVE-2025-9951 |
| VCID-nxsr-usgh-z3ah | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. | CVE-2023-50008 |
| VCID-qr7y-vmc2-8qce | Buffer Overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. | CVE-2023-49502 |
| VCID-u45n-rr9s-ffah | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | CVE-2025-0518 |
| VCID-zd2k-2pb2-y7gz | FFmpeg: Buffer overflow in OpenEXR DWAA/DWAB decoding | CVE-2025-59733 |