Search for packages
| purl | pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-352p-mxyy-k3bu
Aliases: CVE-2025-22921 |
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
Affected by 0 other vulnerabilities. |
|
VCID-e9kf-tzg8-9bht
Aliases: CVE-2024-36615 |
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. |
Affected by 1 other vulnerability. |
|
VCID-grh1-jxmf-dqdv
Aliases: CVE-2024-35369 |
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. |
Affected by 1 other vulnerability. |
|
VCID-mun9-fyvn-8kfs
Aliases: CVE-2023-6601 |
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. |
Affected by 1 other vulnerability. |
|
VCID-ns98-tu4j-sfd5
Aliases: CVE-2024-31578 |
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
Affected by 1 other vulnerability. |
|
VCID-uakc-kpg5-2ug5
Aliases: CVE-2023-49528 |
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
Affected by 1 other vulnerability. |
|
VCID-wrb6-w8ps-uuge
Aliases: CVE-2025-10256 |
ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1kt8-snqa-5ygv | A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. |
CVE-2023-6602
|
| VCID-1vbq-3ve8-dbdr | FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) |
CVE-2025-7700
|
| VCID-352p-mxyy-k3bu | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
CVE-2025-22921
|
| VCID-7kmr-r2hd-dfap | A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. |
CVE-2023-6603
|
| VCID-cpnk-whs1-6kg7 | A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2025-1594
|
| VCID-e9kf-tzg8-9bht | FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. |
CVE-2024-36615
|
| VCID-fqzc-ggz9-gbd5 | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. |
CVE-2024-7055
|
| VCID-gwet-989h-3fhz | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
CVE-2024-36618
|
| VCID-hd6u-9x7x-mke8 | A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. |
CVE-2023-6605
|
| VCID-k14h-eek4-s3cv | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
CVE-2025-22919
|
| VCID-kcjw-jy65-hfge | A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. |
CVE-2023-6604
|
| VCID-m3u1-zn19-k3dy | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer |
CVE-2024-35367
|
| VCID-m827-r499-xubz | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
CVE-2024-35368
|
| VCID-n9qa-r9nt-fyc8 | A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. |
CVE-2025-9951
|
| VCID-ns98-tu4j-sfd5 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
CVE-2024-31578
|
| VCID-qr7y-vmc2-8qce | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
CVE-2023-49502
|
| VCID-rfby-3dun-rqf9 | ffmpeg: FFmpeg: Integer overflow vulnerability leads to Denial of Service |
CVE-2025-63757
|
| VCID-u45n-rr9s-ffah | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Â https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman |
CVE-2025-0518
|
| VCID-ujjc-ays1-gfc2 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. |
CVE-2020-22038
|
| VCID-wrb6-w8ps-uuge | ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) |
CVE-2025-10256
|