Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

Type deb

Namespace debian

Name ffmpeg

Version 7:5.1.8-0+deb12u1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7:7.1.3-1

Latest_non_vulnerable_version 7:7.1.3-1

Affected_by_vulnerabilities

url VCID-2qje-t52h-fyfk

vulnerability_id VCID-2qje-t52h-fyfk

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40962.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40962.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40962

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01176
published_at	2026-05-14T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01179
published_at	2026-05-05T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01186
published_at	2026-04-26T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01178
published_at	2026-05-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01175
published_at	2026-05-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01168
published_at	2026-05-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01164
published_at	2026-05-12T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00099
published_at	2026-04-16T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.001
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00728
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40962

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348

reference_id

22348

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T12:20:13Z/

url

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2458862
reference_id	2458862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2458862

fixed_packages

url	pkg:deb/debian/ffmpeg@7:7.1.3-1
purl	pkg:deb/debian/ffmpeg@7:7.1.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-1

aliases CVE-2026-40962

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qje-t52h-fyfk

url VCID-352p-mxyy-k3bu

vulnerability_id VCID-352p-mxyy-k3bu

summary FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22921

reference_id

reference_type

scores

value	0.0012
scoring_system	epss
scoring_elements	0.30456
published_at	2026-05-07T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30386
published_at	2026-05-05T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30464
published_at	2026-05-09T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30412
published_at	2026-05-12T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30389
published_at	2026-05-11T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30909
published_at	2026-04-07T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30967
published_at	2026-04-08T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30995
published_at	2026-04-09T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.31
published_at	2026-04-11T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30957
published_at	2026-04-12T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30912
published_at	2026-04-13T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30942
published_at	2026-04-16T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30922
published_at	2026-04-18T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30888
published_at	2026-04-21T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30727
published_at	2026-04-24T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.3061
published_at	2026-04-26T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30527
published_at	2026-04-29T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31959
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32001
published_at	2026-04-04T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.35782
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22921

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/11393

reference_id

11393

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:39:48Z/

url

https://trac.ffmpeg.org/ticket/11393

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url	pkg:deb/debian/ffmpeg@7:7.1.3-1
purl	pkg:deb/debian/ffmpeg@7:7.1.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-1

aliases CVE-2025-22921

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-352p-mxyy-k3bu

url VCID-e9kf-tzg8-9bht

vulnerability_id VCID-e9kf-tzg8-9bht

summary FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36615

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21293
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21273
published_at	2026-04-18T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21264
published_at	2026-04-16T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2127
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21323
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21364
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21355
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21408
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21462
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21213
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26065
published_at	2026-05-14T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26078
published_at	2026-04-26T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26028
published_at	2026-04-29T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25917
published_at	2026-05-05T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25983
published_at	2026-05-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26039
published_at	2026-05-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25968
published_at	2026-05-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25986
published_at	2026-05-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26157
published_at	2026-04-21T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26082
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61

reference_id

0ba058579f332b3060d8470a04ddd3fbf305be61

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/

url

https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61

reference_url

https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb

reference_id

c44e5eaafa8f408eea0c9411205990fb

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/

url

https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb

reference_url

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738

reference_id

vp9.c#L1738

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/

url

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738

fixed_packages

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2024-36615

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9kf-tzg8-9bht

url VCID-grh1-jxmf-dqdv

vulnerability_id VCID-grh1-jxmf-dqdv

summary In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35369

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12138
published_at	2026-05-14T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12121
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12102
published_at	2026-04-24T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11968
published_at	2026-04-29T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11881
published_at	2026-05-05T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12017
published_at	2026-05-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12073
published_at	2026-05-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12046
published_at	2026-05-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12225
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12269
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12069
published_at	2026-04-26T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1215
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12201
published_at	2026-04-09T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12209
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12172
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12137
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12008
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12003
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35369

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c

reference_id

0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T17:11:01Z/

url

https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c

reference_url

https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8

reference_id

455093807666f2e351d674750c8cd0b8

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T17:11:01Z/

url

https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8

reference_url

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423

reference_id

speexdec.c#L1423

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T17:11:01Z/

url

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423

fixed_packages

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2024-35369

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-grh1-jxmf-dqdv

url VCID-mun9-fyvn-8kfs

vulnerability_id VCID-mun9-fyvn-8kfs

summary A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6601

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11838
published_at	2026-05-14T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11921
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11712
published_at	2026-05-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11766
published_at	2026-05-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11782
published_at	2026-05-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11968
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11757
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1184
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11891
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11902
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11864
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11836
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11701
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.117
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11817
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11786
published_at	2026-04-24T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1174
published_at	2026-05-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11658
published_at	2026-04-29T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11577
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6601

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6601
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6601

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2253172

reference_id

show_bug.cgi?id=2253172

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:07:37Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2253172

fixed_packages

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2023-6601

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mun9-fyvn-8kfs

url VCID-ns98-tu4j-sfd5

vulnerability_id VCID-ns98-tu4j-sfd5

summary FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31578

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.51226
published_at	2026-04-21T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55424
published_at	2026-05-14T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55354
published_at	2026-04-02T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55379
published_at	2026-04-04T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55357
published_at	2026-04-07T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55407
published_at	2026-04-09T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55418
published_at	2026-04-11T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55396
published_at	2026-04-12T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55378
published_at	2026-04-13T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55413
published_at	2026-04-16T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55417
published_at	2026-04-18T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55278
published_at	2026-05-05T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.5532
published_at	2026-05-07T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55377
published_at	2026-05-09T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55338
published_at	2026-05-11T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55363
published_at	2026-05-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56048
published_at	2026-04-24T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56044
published_at	2026-04-29T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56069
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

reference_id

3bb00c0a420c3ce83c6fafee30270d69622ccad7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

reference_url

https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179

reference_id

45400cce5859d78dcd3a62010df8d179

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_id

6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_id

IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_id

LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_url	https://usn.ubuntu.com/6803-1/
reference_id	USN-6803-1
reference_type
scores
url	https://usn.ubuntu.com/6803-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2024-31578

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ns98-tu4j-sfd5

url VCID-uakc-kpg5-2ug5

vulnerability_id VCID-uakc-kpg5-2ug5

summary Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49528

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.07224
published_at	2026-05-14T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06814
published_at	2026-04-02T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06981
published_at	2026-04-21T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06968
published_at	2026-04-24T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06972
published_at	2026-04-26T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06941
published_at	2026-04-29T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06964
published_at	2026-05-05T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07114
published_at	2026-05-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07203
published_at	2026-05-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07182
published_at	2026-05-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07197
published_at	2026-05-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06858
published_at	2026-04-04T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06844
published_at	2026-04-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06899
published_at	2026-04-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0693
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06926
published_at	2026-04-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06919
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06914
published_at	2026-04-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06853
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06835
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49528

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/10691

reference_id

10691

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/

url

https://trac.ffmpeg.org/ticket/10691

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_id

6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_id

IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_id

LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_url	https://usn.ubuntu.com/6803-1/
reference_id	USN-6803-1
reference_type
scores
url	https://usn.ubuntu.com/6803-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2023-49528

risk_score 3.6

exploitability 0.5

weighted_severity 7.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uakc-kpg5-2ug5

url VCID-wrb6-w8ps-uuge

vulnerability_id VCID-wrb6-w8ps-uuge

summary ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10256

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00539
published_at	2026-05-14T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00544
published_at	2026-04-29T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.0055
published_at	2026-05-05T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00548
published_at	2026-05-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00542
published_at	2026-05-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00538
published_at	2026-05-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00535
published_at	2026-05-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00722
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00719
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00724
published_at	2026-04-07T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00723
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00713
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0071
published_at	2026-04-11T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00704
published_at	2026-04-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00705
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00702
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00708
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00748
published_at	2026-04-21T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0075
published_at	2026-04-24T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00751
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2394495

reference_id

2394495

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2394495

reference_url

https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931

reference_id

a25462482c02c004d685a8fcf2fa63955aaa0931

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931

reference_url

https://access.redhat.com/security/cve/CVE-2025-10256

reference_id

CVE-2025-10256

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://access.redhat.com/security/cve/CVE-2025-10256

reference_url

https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a

reference_id

d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2025-10256

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrb6-w8ps-uuge

Fixing_vulnerabilities

url VCID-1kt8-snqa-5ygv

vulnerability_id VCID-1kt8-snqa-5ygv

summary A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6602

reference_id

reference_type

scores

value	0.00163
scoring_system	epss
scoring_elements	0.36881
published_at	2026-05-14T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37388
published_at	2026-04-02T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37299
published_at	2026-04-16T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37282
published_at	2026-04-18T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3677
published_at	2026-05-05T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36837
published_at	2026-05-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36859
published_at	2026-05-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36782
published_at	2026-05-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36804
published_at	2026-05-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37412
published_at	2026-04-04T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3724
published_at	2026-04-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37291
published_at	2026-04-08T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37303
published_at	2026-04-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37314
published_at	2026-04-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37281
published_at	2026-04-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37253
published_at	2026-04-13T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41408
published_at	2026-04-26T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41414
published_at	2026-04-24T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4133
published_at	2026-04-29T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41521
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6602

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334338

reference_id

show_bug.cgi?id=2334338

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T15:00:28Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334338

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2023-6602

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kt8-snqa-5ygv

url VCID-1vbq-3ve8-dbdr

vulnerability_id VCID-1vbq-3ve8-dbdr

summary FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7700.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7700.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-7700

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25071
published_at	2026-04-16T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25027
published_at	2026-04-07T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25095
published_at	2026-04-08T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2514
published_at	2026-04-09T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25155
published_at	2026-04-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25113
published_at	2026-04-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2506
published_at	2026-04-13T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25868
published_at	2026-04-04T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25825
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26756
published_at	2026-05-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26838
published_at	2026-05-14T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26813
published_at	2026-05-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26737
published_at	2026-05-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26765
published_at	2026-05-07T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28337
published_at	2026-04-21T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28099
published_at	2026-04-26T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.2802
published_at	2026-04-29T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.27861
published_at	2026-05-05T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.2839
published_at	2026-04-18T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28211
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-7700

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7700
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7700

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2380420

reference_id

2380420

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T19:07:55Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2380420

reference_url

https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07

reference_id

35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T19:07:55Z/

url

https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07

reference_url

https://access.redhat.com/security/cve/CVE-2025-7700

reference_id

CVE-2025-7700

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T19:07:55Z/

url

https://access.redhat.com/security/cve/CVE-2025-7700

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

reference_url	https://usn.ubuntu.com/7871-1/
reference_id	USN-7871-1
reference_type
scores
url	https://usn.ubuntu.com/7871-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2025-7700

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vbq-3ve8-dbdr

url VCID-352p-mxyy-k3bu

vulnerability_id VCID-352p-mxyy-k3bu

summary FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22921

reference_id

reference_type

scores

value	0.0012
scoring_system	epss
scoring_elements	0.30456
published_at	2026-05-07T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30386
published_at	2026-05-05T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30464
published_at	2026-05-09T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30412
published_at	2026-05-12T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30389
published_at	2026-05-11T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30909
published_at	2026-04-07T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30967
published_at	2026-04-08T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30995
published_at	2026-04-09T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.31
published_at	2026-04-11T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30957
published_at	2026-04-12T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30912
published_at	2026-04-13T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30942
published_at	2026-04-16T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30922
published_at	2026-04-18T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30888
published_at	2026-04-21T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30727
published_at	2026-04-24T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.3061
published_at	2026-04-26T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30527
published_at	2026-04-29T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31959
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32001
published_at	2026-04-04T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.35782
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22921

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/11393

reference_id

11393

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:39:48Z/

url

https://trac.ffmpeg.org/ticket/11393

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

url	pkg:deb/debian/ffmpeg@7:7.1.3-1
purl	pkg:deb/debian/ffmpeg@7:7.1.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-1

aliases CVE-2025-22921

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-352p-mxyy-k3bu

url VCID-7kmr-r2hd-dfap

vulnerability_id VCID-7kmr-r2hd-dfap

summary A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6603

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36109
published_at	2026-04-26T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36023
published_at	2026-04-29T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36362
published_at	2026-04-21T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36139
published_at	2026-04-24T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38749
published_at	2026-04-08T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.3876
published_at	2026-04-09T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38772
published_at	2026-04-11T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38735
published_at	2026-04-12T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38708
published_at	2026-04-13T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38755
published_at	2026-04-16T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38732
published_at	2026-04-18T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38356
published_at	2026-05-14T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38748
published_at	2026-04-02T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.3877
published_at	2026-04-04T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38699
published_at	2026-04-07T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38347
published_at	2026-05-09T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38257
published_at	2026-05-11T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38283
published_at	2026-05-12T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38266
published_at	2026-05-05T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38336
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6603

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6603
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6603

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334335

reference_id

show_bug.cgi?id=2334335

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T14:59:14Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334335

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

reference_url	https://usn.ubuntu.com/7890-1/
reference_id	USN-7890-1
reference_type
scores
url	https://usn.ubuntu.com/7890-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2023-6603

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmr-r2hd-dfap

url VCID-cpnk-whs1-6kg7

vulnerability_id VCID-cpnk-whs1-6kg7

summary A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1594

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30738
published_at	2026-04-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30826
published_at	2026-04-04T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30644
published_at	2026-04-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30702
published_at	2026-04-08T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30656
published_at	2026-04-18T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30673
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30648
published_at	2026-04-13T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30692
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30734
published_at	2026-04-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30203
published_at	2026-05-14T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30134
published_at	2026-05-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30112
published_at	2026-05-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30182
published_at	2026-05-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30173
published_at	2026-05-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30105
published_at	2026-05-05T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.30946
published_at	2026-04-24T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31104
published_at	2026-04-21T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.30741
published_at	2026-04-29T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.30825
published_at	2026-04-26T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55896
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1594

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1594
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1594

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/11418#comment:3

reference_id

11418#comment:3

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/

url

https://trac.ffmpeg.org/ticket/11418#comment:3

reference_url

https://vuldb.com/?ctiid.296589

reference_id

?ctiid.296589

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/

url

https://vuldb.com/?ctiid.296589

reference_url

https://ffmpeg.org/

reference_id

ffmpeg.org

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/

url

https://ffmpeg.org/

reference_url

https://vuldb.com/?id.296589

reference_id

?id.296589

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/

url

https://vuldb.com/?id.296589

reference_url

https://trac.ffmpeg.org/attachment/ticket/11418/poc

reference_id

poc

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/

url

https://trac.ffmpeg.org/attachment/ticket/11418/poc

reference_url

https://vuldb.com/?submit.496929

reference_id

?submit.496929

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/

url

https://vuldb.com/?submit.496929

reference_url	https://usn.ubuntu.com/7738-1/
reference_id	USN-7738-1
reference_type
scores
url	https://usn.ubuntu.com/7738-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2025-1594

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpnk-whs1-6kg7

url VCID-e9kf-tzg8-9bht

vulnerability_id VCID-e9kf-tzg8-9bht

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36615

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21293
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21273
published_at	2026-04-18T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21264
published_at	2026-04-16T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2127
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21323
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21364
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21355
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21408
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21462
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21213
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26065
published_at	2026-05-14T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26078
published_at	2026-04-26T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26028
published_at	2026-04-29T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25917
published_at	2026-05-05T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25983
published_at	2026-05-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26039
published_at	2026-05-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25968
published_at	2026-05-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.25986
published_at	2026-05-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26157
published_at	2026-04-21T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26082
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61

reference_id

0ba058579f332b3060d8470a04ddd3fbf305be61

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/

url

https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61

reference_url

https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb

reference_id

c44e5eaafa8f408eea0c9411205990fb

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/

url

https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb

reference_url

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738

reference_id

vp9.c#L1738

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/

url

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2024-36615

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9kf-tzg8-9bht

url VCID-fqzc-ggz9-gbd5

vulnerability_id VCID-fqzc-ggz9-gbd5

summary A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7055

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.31462
published_at	2026-04-02T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30872
published_at	2026-05-14T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30805
published_at	2026-05-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30782
published_at	2026-05-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30866
published_at	2026-05-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3086
published_at	2026-05-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30791
published_at	2026-05-05T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30941
published_at	2026-04-29T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3102
published_at	2026-04-26T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31141
published_at	2026-04-24T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31312
published_at	2026-04-21T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31341
published_at	2026-04-18T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31361
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31328
published_at	2026-04-13T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31367
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3141
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31407
published_at	2026-04-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31376
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31322
published_at	2026-04-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31504
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7055

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://vuldb.com/?ctiid.273651

reference_id

?ctiid.273651

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/

url

https://vuldb.com/?ctiid.273651

reference_url

https://ffmpeg.org/download.html

reference_id

download.html

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/

url

https://ffmpeg.org/download.html

reference_url

https://ffmpeg.org/

reference_id

ffmpeg.org

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/

url

https://ffmpeg.org/

reference_url

https://vuldb.com/?id.273651

reference_id

?id.273651

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/

url

https://vuldb.com/?id.273651

reference_url

https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3

reference_id

poc3

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/

url

https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3

reference_url

https://vuldb.com/?submit.376532

reference_id

?submit.376532

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/

url

https://vuldb.com/?submit.376532

reference_url	https://usn.ubuntu.com/7823-1/
reference_id	USN-7823-1
reference_type
scores
url	https://usn.ubuntu.com/7823-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2024-7055

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqzc-ggz9-gbd5

url VCID-gwet-989h-3fhz

vulnerability_id VCID-gwet-989h-3fhz

summary FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36618

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11186
published_at	2026-05-14T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11086
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11043
published_at	2026-04-26T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10979
published_at	2026-04-29T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10916
published_at	2026-05-05T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11053
published_at	2026-05-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11125
published_at	2026-05-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11092
published_at	2026-05-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11179
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11239
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11054
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11134
published_at	2026-05-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11189
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11198
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11166
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11141
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11006
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11015
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11147
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36618

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857

reference_id

7a089ed8e049e3bfcb22de1250b86f2106060857

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:47:13Z/

url

https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857

reference_url

https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523

reference_id

a148f3679415a6da53ca112eb2ba1523

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:47:13Z/

url

https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523

reference_url

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699

reference_id

avidec.c#L1699

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:47:13Z/

url

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699

reference_url	https://usn.ubuntu.com/7823-1/
reference_id	USN-7823-1
reference_type
scores
url	https://usn.ubuntu.com/7823-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2024-36618

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwet-989h-3fhz

url VCID-hd6u-9x7x-mke8

vulnerability_id VCID-hd6u-9x7x-mke8

summary A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6605

reference_id

reference_type

scores

value	0.00093
scoring_system	epss
scoring_elements	0.2586
published_at	2026-05-14T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26158
published_at	2026-04-02T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25993
published_at	2026-04-13T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25997
published_at	2026-04-16T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25978
published_at	2026-04-18T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25725
published_at	2026-05-05T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25784
published_at	2026-05-12T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25843
published_at	2026-05-09T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25767
published_at	2026-05-11T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26199
published_at	2026-04-04T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.2597
published_at	2026-04-07T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26037
published_at	2026-04-08T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26088
published_at	2026-04-09T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26098
published_at	2026-04-11T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26052
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29826
published_at	2026-04-26T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29942
published_at	2026-04-24T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29759
published_at	2026-04-29T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30012
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334336

reference_id

show_bug.cgi?id=2334336

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:03:36Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334336

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2023-6605

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd6u-9x7x-mke8

url VCID-k14h-eek4-s3cv

vulnerability_id VCID-k14h-eek4-s3cv

summary A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22919

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22508
published_at	2026-05-14T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22595
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22545
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22284
published_at	2026-05-05T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22368
published_at	2026-05-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22445
published_at	2026-05-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22413
published_at	2026-05-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2243
published_at	2026-05-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22584
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22779
published_at	2026-04-29T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22791
published_at	2026-04-24T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22786
published_at	2026-04-26T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23503
published_at	2026-04-02T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.2354
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22919

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/11385

reference_id

11385

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T21:10:35Z/

url

https://trac.ffmpeg.org/ticket/11385

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2025-22919

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k14h-eek4-s3cv

url VCID-kcjw-jy65-hfge

vulnerability_id VCID-kcjw-jy65-hfge

summary A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6604

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24248
published_at	2026-04-13T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24264
published_at	2026-04-16T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24252
published_at	2026-04-18T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24405
published_at	2026-04-02T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24437
published_at	2026-04-04T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.2422
published_at	2026-04-07T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24287
published_at	2026-04-08T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.2433
published_at	2026-04-09T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24348
published_at	2026-04-11T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24305
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27547
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27323
published_at	2026-04-29T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.274
published_at	2026-04-26T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27507
published_at	2026-04-24T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2944
published_at	2026-05-14T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2942
published_at	2026-05-09T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29341
published_at	2026-05-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29361
published_at	2026-05-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29344
published_at	2026-05-05T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29407
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334337

reference_id

show_bug.cgi?id=2334337

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:05:31Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334337

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2023-6604

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcjw-jy65-hfge

url VCID-m3u1-zn19-k3dy

vulnerability_id VCID-m3u1-zn19-k3dy

summary FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35367

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34351
published_at	2026-04-08T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34341
published_at	2026-04-18T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34354
published_at	2026-04-16T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34319
published_at	2026-04-13T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34343
published_at	2026-04-12T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34382
published_at	2026-04-11T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.3438
published_at	2026-04-09T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34413
published_at	2026-04-02T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34441
published_at	2026-04-04T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34307
published_at	2026-04-07T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38765
published_at	2026-05-14T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38896
published_at	2026-04-24T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38874
published_at	2026-04-26T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38792
published_at	2026-04-29T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38667
published_at	2026-05-11T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38741
published_at	2026-05-07T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38755
published_at	2026-05-09T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.3869
published_at	2026-05-12T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39106
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35367

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667

reference_id

09e6840cf7a3ee07a73c3ae88a020bf27ca1a667

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:26:41Z/

url

https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667

reference_url

https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4

reference_id

9754a44845578358f6a403447c458ca4

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:26:41Z/

url

https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4

reference_url	https://usn.ubuntu.com/7823-1/
reference_id	USN-7823-1
reference_type
scores
url	https://usn.ubuntu.com/7823-1/

reference_url

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53

reference_id

vp8dsp_altivec.c#L53

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:26:41Z/

url

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2024-35367

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3u1-zn19-k3dy

url VCID-m827-r499-xubz

vulnerability_id VCID-m827-r499-xubz

summary FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35368

reference_id

reference_type

scores

value	0.00167
scoring_system	epss
scoring_elements	0.37869
published_at	2026-04-07T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37911
published_at	2026-04-18T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37886
published_at	2026-04-13T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37912
published_at	2026-04-12T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37948
published_at	2026-04-11T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37932
published_at	2026-04-16T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37919
published_at	2026-04-08T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37966
published_at	2026-04-02T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37991
published_at	2026-04-04T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45402
published_at	2026-05-14T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45442
published_at	2026-04-26T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45381
published_at	2026-04-29T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45276
published_at	2026-05-05T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45341
published_at	2026-05-07T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45359
published_at	2026-05-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45303
published_at	2026-05-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45326
published_at	2026-05-12T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45518
published_at	2026-04-21T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45433
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35368

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c

reference_id

4513300989502090c4fd6560544dce399a8cd53c

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-02T16:20:01Z/

url

https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c

reference_url

https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5

reference_id

7e6e47220ae2b2d2fb4611f0d8a31ec5

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-02T16:20:01Z/

url

https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5

reference_url

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466

reference_id

rkmppdec.c#L466

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-02T16:20:01Z/

url

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466

reference_url	https://usn.ubuntu.com/7823-1/
reference_id	USN-7823-1
reference_type
scores
url	https://usn.ubuntu.com/7823-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2024-35368

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m827-r499-xubz

url VCID-n9qa-r9nt-fyc8

vulnerability_id VCID-n9qa-r9nt-fyc8

summary A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9951

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.56753
published_at	2026-04-04T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56732
published_at	2026-04-02T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61326
published_at	2026-04-12T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61258
published_at	2026-04-07T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61306
published_at	2026-04-08T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.6134
published_at	2026-04-11T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.6132
published_at	2026-04-09T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61308
published_at	2026-04-13T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68424
published_at	2026-05-14T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68373
published_at	2026-05-09T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68337
published_at	2026-05-11T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68365
published_at	2026-05-12T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68271
published_at	2026-04-16T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68281
published_at	2026-04-18T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68261
published_at	2026-04-21T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68305
published_at	2026-04-24T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68313
published_at	2026-04-26T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68316
published_at	2026-04-29T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.6829
published_at	2026-05-05T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68336
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9951

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9951
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9951

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg

reference_id

GHSA-39q3-f8jq-v6mg

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-09T14:20:36Z/

url

https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2025-9951

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9qa-r9nt-fyc8

url VCID-ns98-tu4j-sfd5

vulnerability_id VCID-ns98-tu4j-sfd5

summary FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-31578

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.51226
published_at	2026-04-21T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55424
published_at	2026-05-14T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55354
published_at	2026-04-02T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55379
published_at	2026-04-04T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55357
published_at	2026-04-07T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55407
published_at	2026-04-09T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55418
published_at	2026-04-11T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55396
published_at	2026-04-12T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55378
published_at	2026-04-13T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55413
published_at	2026-04-16T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55417
published_at	2026-04-18T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55278
published_at	2026-05-05T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.5532
published_at	2026-05-07T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55377
published_at	2026-05-09T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55338
published_at	2026-05-11T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55363
published_at	2026-05-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56048
published_at	2026-04-24T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56044
published_at	2026-04-29T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56069
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-31578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

reference_id

3bb00c0a420c3ce83c6fafee30270d69622ccad7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

reference_url

https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179

reference_id

45400cce5859d78dcd3a62010df8d179

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_id

6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_id

IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_id

LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_url	https://usn.ubuntu.com/6803-1/
reference_id	USN-6803-1
reference_type
scores
url	https://usn.ubuntu.com/6803-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2024-31578

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ns98-tu4j-sfd5

url VCID-qr7y-vmc2-8qce

vulnerability_id VCID-qr7y-vmc2-8qce

summary Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49502

reference_id

reference_type

scores

value	0.00246
scoring_system	epss
scoring_elements	0.47822
published_at	2026-05-12T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47873
published_at	2026-04-02T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47901
published_at	2026-04-13T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47955
published_at	2026-04-16T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.4795
published_at	2026-04-18T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47904
published_at	2026-04-21T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47887
published_at	2026-04-24T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47898
published_at	2026-04-26T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47845
published_at	2026-04-29T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.4776
published_at	2026-05-05T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47827
published_at	2026-05-07T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47849
published_at	2026-05-09T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47792
published_at	2026-05-11T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47894
published_at	2026-04-04T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47842
published_at	2026-04-07T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47895
published_at	2026-05-14T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.4789
published_at	2026-04-09T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47914
published_at	2026-04-11T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47892
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49502

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/10688

reference_id

10688

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/

url

https://trac.ffmpeg.org/ticket/10688

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_id

6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

reference_url

https://github.com/FFmpeg/FFmpeg

reference_id

FFmpeg

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/

url

https://github.com/FFmpeg/FFmpeg

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_id

IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_id

LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

reference_url	https://usn.ubuntu.com/6803-1/
reference_id	USN-6803-1
reference_type
scores
url	https://usn.ubuntu.com/6803-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2023-49502

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qr7y-vmc2-8qce

url VCID-rfby-3dun-rqf9

vulnerability_id VCID-rfby-3dun-rqf9

summary ffmpeg: FFmpeg: Integer overflow vulnerability leads to Denial of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-63757.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-63757.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-63757

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.2043
published_at	2026-04-02T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20342
published_at	2026-04-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20493
published_at	2026-04-04T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20218
published_at	2026-04-07T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20299
published_at	2026-04-08T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20358
published_at	2026-04-09T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20387
published_at	2026-04-11T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20284
published_at	2026-04-13T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20272
published_at	2026-04-16T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20277
published_at	2026-04-18T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24427
published_at	2026-04-29T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24378
published_at	2026-05-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2444
published_at	2026-05-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24375
published_at	2026-05-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24394
published_at	2026-05-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24472
published_at	2026-05-14T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24537
published_at	2026-04-21T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24481
published_at	2026-04-24T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24467
published_at	2026-04-26T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.243
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-63757

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63757
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63757

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698

reference_id

20698

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T19:29:55Z/

url

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2423583
reference_id	2423583
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2423583

reference_url

https://gist.github.com/miora-sora/43c1c5616dd5b4f960a9d20296ef4833

reference_id

43c1c5616dd5b4f960a9d20296ef4833

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T19:29:55Z/

url

https://gist.github.com/miora-sora/43c1c5616dd5b4f960a9d20296ef4833

reference_url	https://usn.ubuntu.com/7982-1/
reference_id	USN-7982-1
reference_type
scores
url	https://usn.ubuntu.com/7982-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2025-63757

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfby-3dun-rqf9

url VCID-u45n-rr9s-ffah

vulnerability_id VCID-u45n-rr9s-ffah

summary Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0518

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.30757
published_at	2026-05-14T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31337
published_at	2026-04-02T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30747
published_at	2026-05-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30667
published_at	2026-05-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3069
published_at	2026-05-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31378
published_at	2026-04-04T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31198
published_at	2026-04-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31251
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31281
published_at	2026-04-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31286
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31242
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.312
published_at	2026-04-13T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31232
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31214
published_at	2026-04-18T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31186
published_at	2026-04-21T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31027
published_at	2026-04-24T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30905
published_at	2026-04-26T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30821
published_at	2026-04-29T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30669
published_at	2026-05-05T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30738
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0518

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a

reference_id

b5b6391d64807578ab872dc58fb8aa621dcfc38a

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T19:10:53Z/

url

https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2025-0518

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u45n-rr9s-ffah

url VCID-ujjc-ays1-gfc2

vulnerability_id VCID-ujjc-ays1-gfc2

summary A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-22038

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.4116
published_at	2026-04-01T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41252
published_at	2026-04-02T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41282
published_at	2026-04-04T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41206
published_at	2026-04-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41256
published_at	2026-04-18T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41264
published_at	2026-04-09T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41286
published_at	2026-04-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41255
published_at	2026-04-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41241
published_at	2026-04-13T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41285
published_at	2026-04-16T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41183
published_at	2026-04-21T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41072
published_at	2026-04-24T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41067
published_at	2026-04-26T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40987
published_at	2026-04-29T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40848
published_at	2026-05-05T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40922
published_at	2026-05-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40938
published_at	2026-05-09T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40843
published_at	2026-05-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40866
published_at	2026-05-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.40942
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-22038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22038

reference_url	https://usn.ubuntu.com/6449-1/
reference_id	USN-6449-1
reference_type
scores
url	https://usn.ubuntu.com/6449-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

aliases CVE-2020-22038

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujjc-ays1-gfc2

url VCID-wrb6-w8ps-uuge

vulnerability_id VCID-wrb6-w8ps-uuge

summary ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10256

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00539
published_at	2026-05-14T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00544
published_at	2026-04-29T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.0055
published_at	2026-05-05T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00548
published_at	2026-05-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00542
published_at	2026-05-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00538
published_at	2026-05-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00535
published_at	2026-05-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00722
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00719
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00724
published_at	2026-04-07T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00723
published_at	2026-04-08T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00713
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0071
published_at	2026-04-11T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00704
published_at	2026-04-12T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00705
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00702
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00708
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00748
published_at	2026-04-21T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0075
published_at	2026-04-24T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00751
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2394495

reference_id

2394495

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2394495

reference_url

https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931

reference_id

a25462482c02c004d685a8fcf2fa63955aaa0931

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931

reference_url

https://access.redhat.com/security/cve/CVE-2025-10256

reference_id

CVE-2025-10256

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://access.redhat.com/security/cve/CVE-2025-10256

reference_url

https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a

reference_id

d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/

url

https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1

aliases CVE-2025-10256

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrb6-w8ps-uuge

Risk_score 3.6

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1

Package Instance