Search for packages
| purl | pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2qje-t52h-fyfk
Aliases: CVE-2026-40962 |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-352p-mxyy-k3bu
Aliases: CVE-2025-22921 |
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-e9kf-tzg8-9bht
Aliases: CVE-2024-36615 |
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-grh1-jxmf-dqdv
Aliases: CVE-2024-35369 |
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mun9-fyvn-8kfs
Aliases: CVE-2023-6601 |
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ns98-tu4j-sfd5
Aliases: CVE-2024-31578 |
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-uakc-kpg5-2ug5
Aliases: CVE-2023-49528 |
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wrb6-w8ps-uuge
Aliases: CVE-2025-10256 |
ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1228-m28x-bkbm | Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. |
CVE-2008-4610
|
| VCID-126a-h1j8-37be | security update |
CVE-2020-22019
|
| VCID-132s-5ca1-ekge | security update |
CVE-2020-22031
|
| VCID-198c-34qv-rqg3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-2097
|
| VCID-1bgd-eke7-3fhx | A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125015
|
| VCID-1dp9-jbnu-abcm | Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-4867
|
| VCID-1ene-uw7y-hyh7 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. |
CVE-2020-22039
|
| VCID-1kt8-snqa-5ygv | A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. |
CVE-2023-6602
|
| VCID-1naj-ejg3-vucx | security update |
CVE-2020-20445
|
| VCID-1pp8-ygjm-cbcm | Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable. |
CVE-2012-0855
|
| VCID-1ppb-hsn1-rfb4 | security update |
CVE-2017-14171
|
| VCID-1vbq-3ve8-dbdr | FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) |
CVE-2025-7700
|
| VCID-1vff-ss3h-gbay | Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access. |
CVE-2013-0855
|
| VCID-1wgj-dtu4-qkdf | ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. |
CVE-2024-55069
|
| VCID-1xuu-f8z5-rych | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. |
CVE-2017-7866
|
| VCID-224f-63ph-guft | several |
CVE-2013-0857
|
| VCID-22aj-15ec-dudu | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125003
|
| VCID-247k-szve-ckcs | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0878
|
| VCID-2843-dc35-wqb1 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2020-13904
|
| VCID-2bcj-d5ej-r3hr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3929
|
| VCID-2f16-cqn7-c3hg | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9318
|
| VCID-2f5v-efwu-zkf2 | security update |
CVE-2017-14054
|
| VCID-2fqf-58hb-a7a5 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. |
CVE-2025-25469
|
| VCID-2h78-8pyd-bkd7 | Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
CVE-2021-38093
|
| VCID-2hrw-6afu-dydy | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9316
|
| VCID-2k2f-v66d-t3h3 | FFmpeg: Double-Free Vulnerability in FFmpeg TensorFlow DNN Backend |
CVE-2025-12343
|
| VCID-2nba-zbyx-eue3 | Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. |
CVE-2023-51791
|
| VCID-2nmm-nuw3-tbfj | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2022-3965
|
| VCID-2p8s-rj1c-k3fs | Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. |
CVE-2014-7933
|
| VCID-2r5v-2n11-u3c3 | security update |
CVE-2020-22021
|
| VCID-2r8m-jabw-pqcs | ffmpeg: av_lzo1x_decode() integer overflow |
CVE-2014-4610
|
| VCID-2sq1-jdmd-bug1 | The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access. |
CVE-2013-0847
|
| VCID-2w9w-wdmc-2kba | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2788
|
| VCID-2xa8-jpbu-nfgw | security update |
CVE-2019-11338
|
| VCID-2y4c-3nny-3ybc | security update |
CVE-2020-22049
|
| VCID-2y9j-sdhe-t3fv | FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. |
CVE-2018-1999014
|
| VCID-2zp5-1mhj-xba8 | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2018-10001
|
| VCID-2zqc-psx1-r7gt | security update |
CVE-2017-14059
|
| VCID-31qj-hjbv-f7ec | libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. |
CVE-2018-12460
|
| VCID-36nu-w1cf-nyfv | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2779
|
| VCID-3b6p-c2ka-a3dv | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
CVE-2016-8595
|
| VCID-3etm-sqyu-67fm | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. |
CVE-2024-36619
|
| VCID-3frq-jdkb-gbe3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2018-7751
|
| VCID-3h4v-tpz1-nkc8 | The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. |
CVE-2019-11339
|
| VCID-3kuu-9ct2-ufff | security update |
CVE-2020-21688
|
| VCID-3nks-wkaa-87ab | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2783
|
| VCID-3rut-euq4-nye9 | Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
CVE-2021-38090
|
| VCID-3skg-xr5m-wuhe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-1898
|
| VCID-3st2-cqk2-dbbc | security update |
CVE-2014-8544
|
| VCID-3uu6-gewn-puhh | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2021-38171
|
| VCID-3vdw-3jtz-yqcu | security update |
CVE-2017-9608
|
| VCID-3w4h-ej87-2bak | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0853
|
| VCID-3xfg-3hms-eufb | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. |
CVE-2016-6671
|
| VCID-42bs-g677-syav | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. |
CVE-2015-6821
|
| VCID-44dk-aj5n-xbha | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2794
|
| VCID-44fr-brhn-3ba5 | FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. |
CVE-2018-1999015
|
| VCID-46j1-56b7-h7e5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4351
|
| VCID-4dbn-zqcg-sqed | security update |
CVE-2020-22036
|
| VCID-4e7p-eq3e-2ydq | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3952
|
| VCID-4gty-uet7-9qh1 | several |
CVE-2013-0854
|
| VCID-4jvg-pcqe-5qh5 | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125018
|
| VCID-4mv3-944q-43av | security update |
CVE-2020-22034
|
| VCID-4p7u-gbbg-8qec | security update |
CVE-2020-20892
|
| VCID-4rx9-wv92-mbds | security update |
CVE-2017-15672
|
| VCID-4wdw-3g3z-cfb1 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2789
|
| VCID-51s3-7aca-uudb | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. |
CVE-2016-10191
|
| VCID-53q2-pjmd-yudm | security update |
CVE-2017-11719
|
| VCID-53qa-thf6-b7dt | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. |
CVE-2024-32229
|
| VCID-54bh-w7uz-zybm | The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. |
CVE-2011-1196
|
| VCID-54sp-9tsa-jkfv | security update |
CVE-2017-14225
|
| VCID-55tz-e6th-bqhd | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2020-14212
|
| VCID-57nj-y97s-9ybm | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0862
|
| VCID-5a5k-ncq2-mff2 | Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. |
CVE-2012-0847
|
| VCID-5d1q-u8kw-gyce | security update |
CVE-2024-32230
|
| VCID-5dyh-e4qk-8bc9 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8541
|
| VCID-5ecw-gxq8-afeu | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7009
|
| VCID-5mvh-utfm-6kd8 | FFmpeg: FFmpeg: Integer underflow in DHAV file header parsing leads to out-of-bounds read |
CVE-2025-59729
|
| VCID-5nx6-fzzv-y7hv | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0874
|
| VCID-5t4n-ymvt-dbht | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2799
|
| VCID-5tcy-5qh1-tfds | security update |
CVE-2020-20453
|
| VCID-5uzy-vv1e-pffa | security update |
CVE-2020-22033
|
| VCID-5w7b-tky9-5kdw | security update |
CVE-2023-51798
|
| VCID-5wyh-x9v3-bke9 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3671
|
| VCID-5zpv-11eu-67em | security update |
CVE-2020-22017
|
| VCID-616m-bsha-k3d9 | Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value. |
CVE-2012-0849
|
| VCID-64rv-4d7p-f7ae | In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. |
CVE-2018-13304
|
| VCID-69c5-czpf-ubbt | security update |
CVE-2020-20448
|
| VCID-6cw6-yt4s-fygb | security update |
CVE-2017-14170
|
| VCID-6h3b-1zee-bkbu | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3893
|
| VCID-6kcw-hqwg-sqhb | A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125004
|
| VCID-6t4h-5tr8-5fg9 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
CVE-2024-31585
|
| VCID-6v9u-fg54-vkdq | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2022-1475
|
| VCID-6ve2-44rx-a7f3 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2777
|
| VCID-6vmv-ae1p-47c9 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2790
|
| VCID-74cw-4jws-53en | security update |
CVE-2024-36616
|
| VCID-763d-t7yg-z3a6 | The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. |
CVE-2013-2496
|
| VCID-7661-8gpd-7yab | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. |
CVE-2020-22048
|
| VCID-76n3-ajwb-jye4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2780
|
| VCID-7788-qe78-g7bk | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4631
|
| VCID-77c1-h4ns-zkdg | In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
CVE-2018-13301
|
| VCID-7cv2-w5ns-pqbd | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-5199
|
| VCID-7fth-gbd9-pbgq | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-0947
|
| VCID-7ftk-cmhs-6kha | Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. |
CVE-2016-6164
|
| VCID-7gm5-dzcy-7ue1 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. |
CVE-2012-5361
|
| VCID-7jm3-3pr8-r3dm | security update |
CVE-2017-17081
|
| VCID-7kmr-r2hd-dfap | A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. |
CVE-2023-6603
|
| VCID-7rvw-fdhh-vbb7 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. |
CVE-2025-25468
|
| VCID-7skv-51zg-8qfh | security update |
CVE-2023-51793
|
| VCID-7udv-1hxe-uqgv | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0867
|
| VCID-7v23-u9nc-kkhs | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0852
|
| VCID-7zah-3c5m-wygh | security update |
CVE-2015-8365
|
| VCID-836z-kedn-4qbp | The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. |
CVE-2012-0859
|
| VCID-83hg-szmj-d3f2 | security update |
CVE-2020-21697
|
| VCID-84zv-2dtm-v7ev | In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. |
CVE-2017-1000460
|
| VCID-8753-typb-f3ay | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7024
|
| VCID-87hx-x9pb-t7d7 | The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. |
CVE-2008-3230
|
| VCID-896h-63ya-bkdx | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. |
CVE-2015-8363
|
| VCID-89vu-uh6a-2few | Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). |
CVE-2020-24995
|
| VCID-8e6g-myzr-f3cs | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3940
|
| VCID-8h5z-6bc1-tuc3 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2774
|
| VCID-8pzz-vgxw-xqcv | security update |
CVE-2018-13302
|
| VCID-8s7h-pz8y-6qc6 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2787
|
| VCID-8sef-te24-d3gw | security update |
CVE-2018-15822
|
| VCID-8u47-xxj7-2ue6 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2019-15942
|
| VCID-8w5z-ed96-tyh5 | several |
CVE-2013-0850
|
| VCID-8yan-7qec-57ac | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2020-35965
|
| VCID-8yeg-3zzb-bbax | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0852
|
| VCID-915s-xb5w-v7d3 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3936
|
| VCID-93pp-w2pk-4kaf | qffmpeg/ffmpeg-spice: DoS via vectors related to the rtp format in ffserver.c |
CVE-2012-6617
|
| VCID-9db5-5fb2-qub4 | Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. |
CVE-2017-7862
|
| VCID-9h1t-cteg-4bdr | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0860
|
| VCID-9mc9-25cy-5kdk | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-5272
|
| VCID-9te6-anvj-2qfg | In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. |
CVE-2018-13305
|
| VCID-9vgp-smu2-nfdb | An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
CVE-2018-12459
|
| VCID-9w52-r33d-aygp | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2018-9841
|
| VCID-9yn3-5kba-f7az | The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow. |
CVE-2012-0854
|
| VCID-a1vj-7z31-fff2 | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2019-17542
|
| VCID-a4se-yrg5-dqgc | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. |
CVE-2020-22024
|
| VCID-aa2u-md78-pkdg | security update |
CVE-2017-14056
|
| VCID-ac79-f3hy-qkbq | The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. |
CVE-2011-2160
|
| VCID-ahgr-hux1-gubh | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-4263
|
| VCID-aj2n-gz1w-gbaw | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. |
CVE-2020-22044
|
| VCID-aqyk-qq3p-3ugd | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3674
|
| VCID-at8g-nqpk-53bu | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7016
|
| VCID-aud3-7f5k-2ffs | The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. |
CVE-2015-6825
|
| VCID-axg9-tx5m-xufr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-4705
|
| VCID-aypg-u4ez-z3by | FFmpeg: FFmpeg: Use-after-free vulnerability in SANM decoding |
CVE-2025-59734
|
| VCID-ayqf-v7b1-ekc4 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7555
|
| VCID-azt6-p94b-4ke8 | security update |
CVE-2021-38114
|
| VCID-b1zp-uw35-hyen | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. |
CVE-2020-22041
|
| VCID-b32a-qp1q-hfhv | Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. |
CVE-2011-0480
|
| VCID-b3z7-f6ef-8uev | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2778
|
| VCID-b76q-cxeh-kyab | Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. |
CVE-2015-3395
|
| VCID-b7qy-3n8b-akb3 | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. |
CVE-2015-8364
|
| VCID-bjzd-xs1q-tkas | security update |
CVE-2021-3566
|
| VCID-btjr-xbv4-r3h4 | The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. |
CVE-2013-2276
|
| VCID-bu85-sac7-z7ba | security update |
CVE-2018-13300
|
| VCID-bv1x-tr6m-qke1 | Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-4868
|
| VCID-c1dd-bedv-jbem | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0851
|
| VCID-c499-qvu1-x3h6 | security update |
CVE-2018-6621
|
| VCID-c9as-jnrv-1uca | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-4704
|
| VCID-cba6-ptd9-37bj | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3944
|
| VCID-cbbs-m2hw-2kha | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2796
|
| VCID-cjef-ggd6-tugx | security update |
CVE-2020-22027
|
| VCID-cjw3-f4q3-vbek | several |
CVE-2013-7014
|
| VCID-cnfg-rbw5-1ybf | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. |
CVE-2024-31581
|
| VCID-cnnd-5z7a-5qen | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7022
|
| VCID-cpnk-whs1-6kg7 | A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2025-1594
|
| VCID-cqnh-jcnf-cuh1 | security update |
CVE-2018-14394
|
| VCID-cqv2-myzu-pqfa | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125005
|
| VCID-crmy-twr2-zqg5 | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-5144
|
| VCID-ctp2-3k8k-wkez | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2786
|
| VCID-cv9h-u8a9-gqe9 | ffmpeg: FFmpeg: Double-free vulnerability in new_stream_audio function |
CVE-2024-35365
|
| VCID-cwdm-78q3-r7ch | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2020-35964
|
| VCID-cx7q-2vku-k7bx | Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c |
CVE-2023-47470
|
| VCID-d64g-97h2-1qcs | FFmpeg: FFmpeg: Heap-buffer-overflow in SANM (ANIM v0 variant) file frame decoding |
CVE-2025-59730
|
| VCID-d9xn-zb4d-7ubd | security update |
CVE-2017-14058
|
| VCID-dbxj-ayf9-cuad | security update |
CVE-2024-36617
|
| VCID-deye-6fud-bkf1 | security update |
CVE-2020-22026
|
| VCID-dhym-628j-gyc9 | Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. |
CVE-2012-0856
|
| VCID-dkhw-evaq-xuc8 | security update |
CVE-2020-22042
|
| VCID-du4y-1xud-affq | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3937
|
| VCID-dx4t-wzh9-tbfn | security update |
CVE-2017-14169
|
| VCID-dxkt-5xbr-zbcw | FFmpeg: FFmpeg: Heap memory corruption when decoding OpenEXR files with DWAA/DWAB compression |
CVE-2025-59732
|
| VCID-dy2j-at4k-7qdn | security update |
CVE-2018-1999013
|
| VCID-e2as-em33-afb9 | security update |
CVE-2012-6618
|
| VCID-e57q-2f8h-1yee | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2019-13312
|
| VCID-e6e4-4hr7-skdu | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. |
CVE-2015-1207
|
| VCID-e7ak-ahr6-wfa5 | When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond. |
CVE-2025-59731
|
| VCID-e9kd-fpkm-2qhe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8549
|
| VCID-e9un-j31b-rug8 | security update |
CVE-2014-8547
|
| VCID-ed68-9h9m-zqbx | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3935
|
| VCID-egw2-6put-7bce | security update |
CVE-2017-11399
|
| VCID-ehfg-vtjd-ayau | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3673
|
| VCID-ehgf-99d2-uyeh | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7502
|
| VCID-ehus-68jt-vue9 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-3429
|
| VCID-ehxu-n6zn-h7be | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. |
CVE-2020-22051
|
| VCID-eq2n-wmh3-yufh | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125011
|
| VCID-etr9-szca-nffm | several |
CVE-2013-0845
|
| VCID-eyf7-r7m9-jfhm | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2019-13390
|
| VCID-ez11-ffk4-n3bv | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. |
CVE-2017-7865
|
| VCID-f3jf-6qya-nuht | The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9996
|
| VCID-f4j7-1cqh-xfh7 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-4264
|
| VCID-f7vs-mmvn-huf9 | security update |
CVE-2023-50010
|
| VCID-f83p-e1wa-wbah | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125013
|
| VCID-f9v9-2pd5-57g8 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4635
|
| VCID-fn6w-m7ka-e3ex | The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. |
CVE-2012-0850
|
| VCID-fnt2-q1y6-d3hf | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9317
|
| VCID-fpby-s5k4-ybg1 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2328
|
| VCID-fqxy-s1w8-nkds | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4364
|
| VCID-fqzc-ggz9-gbd5 | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. |
CVE-2024-7055
|
| VCID-frwv-4zeq-sbh2 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4636
|
| VCID-fw43-1pdc-kugv | security update |
CVE-2017-11665
|
| VCID-fw45-nn58-8khp | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. |
CVE-2023-50007
|
| VCID-fxqx-4tbe-n3e6 | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 |
CVE-2022-2566
|
| VCID-fy4j-u18p-83f5 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7905
|
| VCID-fzc3-fc7s-9kdj | security update |
CVE-2018-6392
|
| VCID-g1ag-ugcm-zudw | security update |
CVE-2020-22016
|
| VCID-g1y7-hq4d-6ya7 | security update |
CVE-2017-14767
|
| VCID-g2v8-4pvp-kbhy | Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
CVE-2021-38091
|
| VCID-g4te-h48e-fyeu | security update |
CVE-2020-22054
|
| VCID-gb6n-8hj8-6qeb | The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. |
CVE-2015-8661
|
| VCID-gcbv-1cdm-g3gg | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. |
CVE-2017-7206
|
| VCID-gd9n-htmv-jbgy | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7013
|
| VCID-gfzm-92dd-bqfm | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. |
CVE-2024-31582
|
| VCID-gqfr-j8ju-73fh | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7562
|
| VCID-gv1x-4yk7-eucv | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
CVE-2015-8216
|
| VCID-gwet-989h-3fhz | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
CVE-2024-36618
|
| VCID-gztp-4964-3fe2 | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2018-7557
|
| VCID-h3q7-zqpz-kbgn | Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. |
CVE-2016-3062
|
| VCID-h9pf-cucf-tqe6 | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2019-17539
|
| VCID-hc13-gs1j-suhs | MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding that could potentially result in the execution of arbitrary code. |
CVE-2005-4048
|
| VCID-hcf3-x3kz-gkaz | FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. |
CVE-2025-25471
|
| VCID-hd6u-9x7x-mke8 | A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. |
CVE-2023-6605
|
| VCID-hehw-7bnw-buff | Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. |
CVE-2015-3417
|
| VCID-hert-vku8-1ydd | security update |
CVE-2023-51794
|
| VCID-hjnb-4g3n-kkft | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
CVE-2015-8662
|
| VCID-hjsy-nr8t-u7fr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2784
|
| VCID-hng1-rpw3-sqby | security update |
CVE-2018-1999011
|
| VCID-hp2q-hjkw-m7dq | security update |
CVE-2022-3109
|
| VCID-hs6k-vw8x-7kcb | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. |
CVE-2020-22056
|
| VCID-htpg-54z4-kqce | several |
CVE-2013-7015
|
| VCID-hw9n-ge2h-dqc3 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. |
CVE-2024-22861
|
| VCID-hy8h-fhaj-jbew | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2022-48434
|
| VCID-hynf-a613-ckg7 | FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. |
CVE-2011-0723
|
| VCID-hzzb-1gcc-wkhn | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3974
|
| VCID-j1gj-mw7k-2ub9 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2213
|
| VCID-j1u7-chw5-7ybd | A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. |
CVE-2020-22040
|
| VCID-j2uh-c55d-kfb7 | The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. |
CVE-2013-2277
|
| VCID-j3u1-ar4c-zqce | The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access. |
CVE-2013-0859
|
| VCID-j4bt-nrmt-j7fa | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4633
|
| VCID-j4y8-r6rr-aqeb | The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. |
CVE-2011-2161
|
| VCID-j5ns-nbc5-9qgs | security update |
CVE-2017-14222
|
| VCID-j716-3n1b-huhv | security update |
CVE-2020-22028
|
| VCID-jb5a-yed1-cuc7 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2771
|
| VCID-jk4d-w3n7-dbg4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2785
|
| VCID-jk8v-sy2r-nfer | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2802
|
| VCID-jktw-kqvr-r7h8 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2329
|
| VCID-jrcs-sa3z-43du | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3945
|
| VCID-jrpc-5n1u-dygq | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7450
|
| VCID-ju23-jjm4-1yd6 | security update |
CVE-2020-22030
|
| VCID-jx57-jbtz-efe7 | FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. |
CVE-2020-23906
|
| VCID-jyba-xwh6-kue5 | FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. |
CVE-2023-50009
|
| VCID-jzh8-angx-xyeg | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7012
|
| VCID-k14h-eek4-s3cv | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
CVE-2025-22919
|
| VCID-k2w1-zaf6-bbfb | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2772
|
| VCID-k3ns-gbt4-rff4 | FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. |
CVE-2025-25473
|
| VCID-k41f-cnus-jqe6 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2326
|
| VCID-k42r-3hax-dqcy | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
CVE-2015-8219
|
| VCID-k48w-9as5-mqav | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125019
|
| VCID-kajv-5scj-uqcd | Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
CVE-2016-7393
|
| VCID-karv-6kgy-7kd9 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125022
|
| VCID-kcjw-jy65-hfge | A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. |
CVE-2023-6604
|
| VCID-kg4f-nzsg-zqgt | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125024
|
| VCID-kkgc-yhse-d3ga | security update |
CVE-2017-15186
|
| VCID-kybt-qj87-zkfw | The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed." |
CVE-2011-4579
|
| VCID-kzuj-fuh9-hfer | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9676
|
| VCID-kzw2-53c2-r7fe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0873
|
| VCID-m3u1-zn19-k3dy | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer |
CVE-2024-35367
|
| VCID-m827-r499-xubz | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
CVE-2024-35368
|
| VCID-m8hh-2aep-hugp | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0876
|
| VCID-m93p-kqye-6ycz | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8546
|
| VCID-mbs9-wuys-1fgn | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2021-30123
|
| VCID-mbv4-w231-yffe | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7018
|
| VCID-mc9v-zn1h-r3cj | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0875
|
| VCID-mep9-2hjj-2ucj | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. |
CVE-2015-6822
|
| VCID-mfaw-hutg-v7b4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2792
|
| VCID-mfbv-npxq-fbb7 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7122
|
| VCID-mfx3-a4bq-zkhy | security update |
CVE-2022-4907
|
| VCID-mjdt-dmjx-rbas | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4639
|
| VCID-mn41-aeh8-n3bk | The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. |
CVE-2015-1872
|
| VCID-mnzz-p8eh-z3bt | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0863
|
| VCID-mtm5-9hfk-2kee | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2795
|
| VCID-mwwt-hfwu-g7f5 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame |
CVE-2023-51797
|
| VCID-mynq-m5p7-uqex | security update |
CVE-2017-14055
|
| VCID-mz5h-6t71-4qc4 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4637
|
| VCID-n417-8xsr-nuhx | Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9991
|
| VCID-n82x-n8d1-4khs | security update |
CVE-2017-9993
|
| VCID-n8eq-zjwh-6qhb | several |
CVE-2013-7010
|
| VCID-n9nv-xzef-7kgr | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125025
|
| VCID-n9qa-r9nt-fyc8 | A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. |
CVE-2025-9951
|
| VCID-nb1j-bc2k-sbgj | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. |
CVE-2015-8217
|
| VCID-nd7z-nbky-hyaz | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7008
|
| VCID-nfj6-kgxb-r7b4 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0864
|
| VCID-nfkv-qaft-5qay | A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125020
|
| VCID-ngbz-h2dc-m3hg | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3949
|
| VCID-ngry-9b2s-5kdg | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-5271
|
| VCID-nhhz-64fq-pqg2 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. |
CVE-2024-22860
|
| VCID-nmaj-ujqe-fbaq | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
CVE-2016-9561
|
| VCID-npwb-djcp-67aw | security update |
CVE-2020-22025
|
| VCID-nq34-6xt6-u3g5 | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. |
CVE-2013-4358
|
| VCID-ns8d-144c-zqd5 | A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). |
CVE-2025-22920
|
| VCID-ntp8-x798-b7b4 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. |
CVE-2023-51796
|
| VCID-nuah-6bpn-m7bu | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. |
CVE-2023-49501
|
| VCID-nuzx-58sb-pkfz | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3362
|
| VCID-nw7b-kwcm-6bbn | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame |
CVE-2023-51795
|
| VCID-nxsr-usgh-z3ah | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. |
CVE-2023-50008
|
| VCID-nzna-uxam-jbgb | FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. |
CVE-2019-1000016
|
| VCID-nzpy-ap16-w7a3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0877
|
| VCID-p7c5-vwxs-j3cs | security update |
CVE-2017-14223
|
| VCID-p9ep-x7mj-dbg8 | Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
CVE-2020-20898
|
| VCID-pa11-k8vb-zuc2 | security update |
CVE-2020-22037
|
| VCID-pcfe-vcem-2uga | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0858
|
| VCID-pdez-6yzf-rqaa | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4353
|
| VCID-peqq-9hfy-v7bj | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. |
CVE-2017-7863
|
| VCID-pjmc-zurg-wfdu | The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. |
CVE-2012-6615
|
| VCID-pqw1-1ty8-mucj | security update |
CVE-2022-3341
|
| VCID-punc-9afs-kfeb | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125007
|
| VCID-pyw4-6cjy-6ken | security update |
CVE-2017-9992
|
| VCID-q3wx-wbzs-zubf | A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125016
|
| VCID-q4yv-upxy-2bfx | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125014
|
| VCID-q7ne-62wb-vkcu | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. |
CVE-2015-8663
|
| VCID-q7zf-nut2-tfan | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
CVE-2021-38094
|
| VCID-qd3m-aace-gqfh | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9603
|
| VCID-qf1v-9k1v-zqec | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7017
|
| VCID-qgbj-eex5-27c3 | security update |
CVE-2020-22020
|
| VCID-qjr2-mtbt-fbh7 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2805
|
| VCID-qk64-d9qt-syea | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. |
CVE-2013-0856
|
| VCID-qkwe-mvp8-dyhb | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2803
|
| VCID-qm31-4jjc-wqcp | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2776
|
| VCID-qpzc-7m5j-ebfr | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9602
|
| VCID-qr7y-vmc2-8qce | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
CVE-2023-49502
|
| VCID-qrwa-htte-6ygg | Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9990
|
| VCID-qu7n-8fzd-n7dq | Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
CVE-2015-6819
|
| VCID-qvqs-e1hv-dqgz | several |
CVE-2013-0849
|
| VCID-qwnc-76hk-33fa | security update |
CVE-2018-1999012
|
| VCID-qz4c-h7t4-x3ft | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-4352
|
| VCID-r1a7-gy73-tqaz | The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. |
CVE-2011-3504
|
| VCID-r3a8-buwe-8uep | security update |
CVE-2013-7020
|
| VCID-r3wj-dy7h-a7ep | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2793
|
| VCID-r4rz-8ey9-fqb4 | Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-4866
|
| VCID-r8ym-8wau-dyej | security update |
CVE-2020-22032
|
| VCID-rbsk-pp6x-yfbu | A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. |
CVE-2014-125017
|
| VCID-rc6d-24r7-6ygd | Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. |
CVE-2020-24020
|
| VCID-rfby-3dun-rqf9 | ffmpeg: FFmpeg: Integer overflow vulnerability leads to Denial of Service |
CVE-2025-63757
|
| VCID-rk7u-49nq-nucf | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3947
|
| VCID-rp3h-1w1e-guhf | Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." |
CVE-2011-2162
|
| VCID-rt66-ktnu-3qcq | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125012
|
| VCID-rv73-funm-8kba | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7023
|
| VCID-s5r5-ux5c-xbft | security update |
CVE-2020-20891
|
| VCID-s6un-h6n8-wbha | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3946
|
| VCID-s85w-tanp-77hb | Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. |
CVE-2020-20451
|
| VCID-s89e-x3gb-n3cg | A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. |
CVE-2025-1373
|
| VCID-s8cb-95ne-bkgg | security update |
CVE-2020-22035
|
| VCID-scwk-yz1c-f3hg | In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
CVE-2018-13303
|
| VCID-sfw9-8qxf-wfd3 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. |
CVE-2021-28429
|
| VCID-sg5r-wbsa-eyd8 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4632
|
| VCID-sgm1-d98g-nff9 | Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. |
CVE-2009-0385
|
| VCID-sj5b-sw93-sfer | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125023
|
| VCID-spq1-m6bg-y3f4 | security update |
CVE-2020-22023
|
| VCID-sqmy-qruf-v3bc | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2797
|
| VCID-su7a-a1v1-r7hp | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2013-0894
|
| VCID-svh2-rvdu-1fcf | Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. |
CVE-2014-7937
|
| VCID-t2ac-vqpz-vfem | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3672
|
| VCID-t46y-kzau-u3dv | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-1931
|
| VCID-t4xz-phzk-47fk | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8542
|
| VCID-t595-a685-k3c7 | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0848
|
| VCID-t5mw-tdwm-xugw | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2012-5150
|
| VCID-t7b1-zmhg-47ff | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. |
CVE-2015-6818
|
| VCID-t7jf-1fk6-zqg6 | security update |
CVE-2016-7424
|
| VCID-t98z-5e9v-p7b8 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3950
|
| VCID-tadx-3e5r-s3eh | ffmpeg: FFmpeg: Integer overflow in DXA demuxer leads to denial of service |
CVE-2024-36613
|
| VCID-tbc1-g9n2-97af | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4634
|
| VCID-tcu8-mgdg-yqhh | An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg. |
CVE-2016-8710
|
| VCID-tcug-g6aa-9uhv | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-1897
|
| VCID-tdnn-qfmc-wufa | security update |
CVE-2018-12458
|
| VCID-te22-6sy1-abds | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0848
|
| VCID-te7d-jfk4-tyg6 | several |
CVE-2013-0858
|
| VCID-tedg-6nxj-vkbq | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7021
|
| VCID-tf92-az5w-qkg6 | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2013-0868
|
| VCID-tjjt-y2km-5ka6 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. |
CVE-2020-22046
|
| VCID-tkyv-udaa-3yf2 | Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. |
CVE-2015-1208
|
| VCID-tpwr-paas-nyhk | security update |
CVE-2020-21041
|
| VCID-tq6b-6p47-93d5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2804
|
| VCID-trkw-xdsx-sffu | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4638
|
| VCID-tsrj-t3se-2fbw | Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
CVE-2016-10190
|
| VCID-tv52-u3ru-7uc1 | Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
CVE-2021-38092
|
| VCID-tvr5-632n-cbc3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-2098
|
| VCID-tw9p-14dv-qfd1 | security update |
CVE-2020-20450
|
| VCID-tyw3-z3f8-83ek | libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. |
CVE-2017-9051
|
| VCID-u29q-aauu-1ubg | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3951
|
| VCID-u3g6-wkxn-7yhz | several |
CVE-2013-0853
|
| VCID-u3rm-za33-57am | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2327
|
| VCID-u3s8-mvze-pkbb | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. |
CVE-2015-8218
|
| VCID-u45n-rr9s-ffah | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Â https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman |
CVE-2025-0518
|
| VCID-u9w6-aeku-akav | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
CVE-2017-9994
|
| VCID-ua27-1zcs-xffy | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2019-12730
|
| VCID-ud3h-b3k7-dkd3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. |
CVE-2016-7785
|
| VCID-uet3-fnhy-eybr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3670
|
| VCID-uf6u-1kyd-nqc5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2009-4640
|
| VCID-ufg8-5jjv-ryb2 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7011
|
| VCID-ujdm-ubfw-57bs | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. |
CVE-2016-6881
|
| VCID-ujgq-e44n-8fhp | Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. |
CVE-2012-0851
|
| VCID-ujjc-ays1-gfc2 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. |
CVE-2020-22038
|
| VCID-ukcq-2rd1-2fdc | security update |
CVE-2020-22029
|
| VCID-upvk-tf2s-zub8 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. |
CVE-2024-22862
|
| VCID-uq63-1f7v-xbc3 | security update |
CVE-2014-2263
|
| VCID-uqjr-dxqx-2ka6 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3895
|
| VCID-uu1r-qfrz-9qes | several |
CVE-2013-0866
|
| VCID-v3b6-vny7-wubx | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2781
|
| VCID-v4b7-ptzf-47bt | security update |
CVE-2020-20896
|
| VCID-v5z3-q4pd-9qc8 | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. |
CVE-2016-6920
|
| VCID-v73v-5e7j-37hc | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2022-3964
|
| VCID-v8yp-w5v5-xqe7 | Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-3162
|
| VCID-v9bs-9nth-1bck | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2021-33815
|
| VCID-vam6-cseq-7uag | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. |
CVE-2012-5360
|
| VCID-vfs1-n4ps-v3e6 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2013-3675
|
| VCID-vka8-kexr-g7ej | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. |
CVE-2016-10192
|
| VCID-vp1x-2g5t-6qca | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. |
CVE-2023-46407
|
| VCID-vq2m-rgkr-efcf | several |
CVE-2013-0844
|
| VCID-vqrb-wyeh-gyhv | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2015-6761
|
| VCID-vrnc-cyyg-3yfb | security update |
CVE-2018-14395
|
| VCID-vw1c-wtjx-gbga | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125006
|
| VCID-vzb3-czne-nya8 | several |
CVE-2013-0865
|
| VCID-vzz4-bdcx-mqhm | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3941
|
| VCID-w2hu-5u9a-kbdd | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. |
CVE-2014-2099
|
| VCID-w2vk-e1md-wkc9 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
CVE-2024-32228
|
| VCID-w82f-hvzm-dfhf | libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9995
|
| VCID-w85w-xyf2-kucn | security update |
CVE-2020-22022
|
| VCID-wa31-6v3y-qygt | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2010-3908
|
| VCID-wa5g-9n96-tybv | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. |
CVE-2024-7272
|
| VCID-wasv-apuh-sfe3 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0861
|
| VCID-wcwp-zq2f-9fap | security update |
CVE-2014-8543
|
| VCID-weuz-9gje-xyea | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3973
|
| VCID-wn9q-ycnn-7kg5 | security update |
CVE-2020-20446
|
| VCID-wpwh-kftw-vyhp | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2017-5024
|
| VCID-wvzg-agjg-a7f1 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2775
|
| VCID-wwm7-ynx4-qkea | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125021
|
| VCID-wxyc-g5yx-rqcv | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2773
|
| VCID-x3cd-px12-dyg3 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). |
CVE-2020-36138
|
| VCID-x9xw-3vku-3bbx | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2016-2330
|
| VCID-xb3p-8n52-byaf | FFmpeg is vulnerable to multiple buffer overflows that might be exploited to execute arbitrary code. |
CVE-2006-4800
|
| VCID-xba6-4hat-7yaz | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. |
CVE-2012-5359
|
| VCID-xbth-p9h7-67e1 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-9319
|
| VCID-xh69-cs7h-wqb2 | A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue. |
CVE-2025-1816
|
| VCID-xhd6-cw8u-ubd7 | The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. |
CVE-2015-6824
|
| VCID-xnhs-ez8z-nka2 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. |
CVE-2015-6820
|
| VCID-xnsb-a3tr-afgw | Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. |
CVE-2012-0857
|
| VCID-xnz9-udka-nufz | security update |
CVE-2018-1999010
|
| VCID-xq5b-uuhn-bqd4 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. |
CVE-2015-6826
|
| VCID-xr1x-p5ve-j7au | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. |
CVE-2020-22043
|
| VCID-xy54-2jvp-63c1 | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2011-3892
|
| VCID-y3yu-shaa-jyh5 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125010
|
| VCID-y661-ec7j-x7hw | A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125008
|
| VCID-yava-v7c8-tkd8 | security update |
CVE-2020-20902
|
| VCID-yjhh-upyt-qkht | security update |
CVE-2024-35366
|
| VCID-ykuh-4kyy-yyft | Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution |
CVE-2021-38291
|
| VCID-ymjg-a569-qfcy | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125002
|
| VCID-ymxh-d75c-xyec | Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2018-6912
|
| VCID-yn5k-rnty-u3d6 | security update |
CVE-2014-9604
|
| VCID-ynmq-9awx-3ugg | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
CVE-2014-125009
|
| VCID-ysu4-93vf-q7gp | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2017-5025
|
| VCID-ytp9-b3ub-dbbw | security update |
CVE-2014-8548
|
| VCID-ywtw-jynv-nyce | security update |
CVE-2017-14057
|
| VCID-yy7s-tjh6-6bfj | In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read. |
CVE-2017-5984
|
| VCID-yyre-ybbu-8be4 | Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12284
|
| VCID-yzaj-ekfv-uufb | The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. |
CVE-2012-6616
|
| VCID-yzge-s8kz-aufz | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-7019
|
| VCID-yzhm-254s-5ygd | security update |
CVE-2019-9718
|
| VCID-yzqd-t4b6-7yhc | The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. |
CVE-2015-6823
|
| VCID-z2w1-vp84-vkfy | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-4265
|
| VCID-z3bp-s1zs-guhs | There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. |
CVE-2017-11684
|
| VCID-z5gp-8z77-8uab | Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. |
CVE-2012-2882
|
| VCID-z9cg-s4wh-dkcj | Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. |
CVE-2011-4031
|
| VCID-zb99-r9jh-u7gs | FFmpeg: out-of-bounds read in RV60 video decoder |
CVE-2025-69693
|
| VCID-zbm2-997f-fubj | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. |
CVE-2013-0870
|
| VCID-zcky-jf6f-zbas | security update |
CVE-2020-22015
|
| VCID-zd2k-2pb2-y7gz | FFmpeg: FFmpeg: Buffer overflow in OpenEXR DWAA/DWAB decoding |
CVE-2025-59733
|
| VCID-zd31-hza6-6ka5 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. |
CVE-2011-0722
|
| VCID-zfws-4dmh-z3d3 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. |
CVE-2015-5479
|
| VCID-zfz3-8m91-r3hr | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2012-2801
|
| VCID-zjrs-4mu3-8ucd | The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header. |
CVE-2013-2495
|
| VCID-zm5h-d795-nqgp | security update |
CVE-2017-16840
|
| VCID-zpk3-uqa9-fyeu | The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. |
CVE-2013-0869
|
| VCID-zpnd-4ep5-sbg8 | FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. |
CVE-2017-7859
|
| VCID-zrjt-up2x-tuej | several |
CVE-2013-0846
|
| VCID-zrxf-ckzt-wyf5 | Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. |
CVE-2011-3934
|
| VCID-ztct-23kh-5baa | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2013-0872
|
| VCID-zunv-c43k-2kfy | Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. |
CVE-2017-16803
|
| VCID-zw3e-43n5-hqaf | Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. |
CVE-2014-8545
|
| VCID-zy4a-ax4q-5qb9 | ffmpeg: complex format argument in handle_open_brace in libavcodec/htmlsubtitles.c causing denial of service |
CVE-2019-9721
|