{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","type":"deb","namespace":"debian","name":"ffmpeg","version":"7:5.1.8-0+deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7:7.1.3-1","latest_non_vulnerable_version":"7:7.1.3-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352702?format=json","vulnerability_id":"VCID-2qje-t52h-fyfk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40962.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40962","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01174","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01178","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01175","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01168","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01164","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01176","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01179","published_at":"2026-05-05T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00099","published_at":"2026-04-16T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.001","published_at":"2026-04-18T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00728","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40962"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348","reference_id":"22348","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T12:20:13Z/"}],"url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458862","reference_id":"2458862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458862"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/586187?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-1"}],"aliases":["CVE-2026-40962"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qje-t52h-fyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96533?format=json","vulnerability_id":"VCID-352p-mxyy-k3bu","summary":"FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22921","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30456","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30386","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30464","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30412","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30389","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30909","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30967","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30995","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30957","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30912","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30942","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30922","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30727","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3061","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30527","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.358","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35782","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://trac.ffmpeg.org/ticket/11393","reference_id":"11393","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:39:48Z/"}],"url":"https://trac.ffmpeg.org/ticket/11393"},{"reference_url":"https://usn.ubuntu.com/7538-1/","reference_id":"USN-7538-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7538-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586187?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-1"}],"aliases":["CVE-2025-22921"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-352p-mxyy-k3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96120?format=json","vulnerability_id":"VCID-e9kf-tzg8-9bht","summary":"FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36615","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21293","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21273","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21264","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2127","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21323","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21364","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21408","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21462","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21213","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26092","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26028","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25917","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25983","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26039","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25968","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25986","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26065","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26157","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26082","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26078","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61","reference_id":"0ba058579f332b3060d8470a04ddd3fbf305be61","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61"},{"reference_url":"https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb","reference_id":"c44e5eaafa8f408eea0c9411205990fb","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/"}],"url":"https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738","reference_id":"vp9.c#L1738","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2024-36615"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9kf-tzg8-9bht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/214782?format=json","vulnerability_id":"VCID-grh1-jxmf-dqdv","summary":"In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35369","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12145","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12102","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11881","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12017","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12073","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12046","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12138","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12069","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1215","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12209","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12172","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12008","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12003","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12121","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35369"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c","reference_id":"0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T17:11:01Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c"},{"reference_url":"https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8","reference_id":"455093807666f2e351d674750c8cd0b8","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T17:11:01Z/"}],"url":"https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423","reference_id":"speexdec.c#L1423","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T17:11:01Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2024-35369"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-grh1-jxmf-dqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95886?format=json","vulnerability_id":"VCID-mun9-fyvn-8kfs","summary":"A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6601","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1185","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11921","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11766","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11782","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11838","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11968","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11902","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11864","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11701","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.117","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11817","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11786","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1174","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11658","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11577","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11712","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6601"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253172","reference_id":"show_bug.cgi?id=2253172","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:07:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2023-6601"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mun9-fyvn-8kfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96074?format=json","vulnerability_id":"VCID-ns98-tu4j-sfd5","summary":"FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31578","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51226","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5544","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55418","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55396","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55378","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55413","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55417","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55278","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5532","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55377","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55338","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55363","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55424","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56048","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56044","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7","reference_id":"3bb00c0a420c3ce83c6fafee30270d69622ccad7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7"},{"reference_url":"https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179","reference_id":"45400cce5859d78dcd3a62010df8d179","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","reference_id":"6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","reference_id":"IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","reference_id":"LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"reference_url":"https://usn.ubuntu.com/6803-1/","reference_id":"USN-6803-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6803-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2024-31578"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ns98-tu4j-sfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97505?format=json","vulnerability_id":"VCID-uakc-kpg5-2ug5","summary":"Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49528","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07224","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06814","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06972","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06941","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06964","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07114","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07203","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07182","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07197","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06844","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0693","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06853","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06835","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49528"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://trac.ffmpeg.org/ticket/10691","reference_id":"10691","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/"}],"url":"https://trac.ffmpeg.org/ticket/10691"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","reference_id":"6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","reference_id":"IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","reference_id":"LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-19T18:37:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"reference_url":"https://usn.ubuntu.com/6803-1/","reference_id":"USN-6803-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6803-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2023-49528"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uakc-kpg5-2ug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74455?format=json","vulnerability_id":"VCID-wrb6-w8ps-uuge","summary":"ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10256","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00537","published_at":"2026-05-15T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00544","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0055","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00548","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00542","published_at":"2026-05-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00538","published_at":"2026-05-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00535","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00539","published_at":"2026-05-14T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00719","published_at":"2026-04-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00724","published_at":"2026-04-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00723","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00713","published_at":"2026-04-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0071","published_at":"2026-04-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00704","published_at":"2026-04-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00705","published_at":"2026-04-13T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00702","published_at":"2026-04-16T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00708","published_at":"2026-04-18T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00748","published_at":"2026-04-21T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0075","published_at":"2026-04-24T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00751","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00722","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394495","reference_id":"2394495","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394495"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931","reference_id":"a25462482c02c004d685a8fcf2fa63955aaa0931","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-10256","reference_id":"CVE-2025-10256","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-10256"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a","reference_id":"d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a"},{"reference_url":"https://usn.ubuntu.com/7830-1/","reference_id":"USN-7830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7830-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2025-10256"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrb6-w8ps-uuge"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95887?format=json","vulnerability_id":"VCID-1kt8-snqa-5ygv","summary":"A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6602","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36899","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3677","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36837","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36859","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36782","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36804","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36881","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37291","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37303","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37314","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37281","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37253","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37299","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41408","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41414","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4133","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41521","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334338","reference_id":"show_bug.cgi?id=2334338","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T15:00:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334338"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2023-6602"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kt8-snqa-5ygv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68661?format=json","vulnerability_id":"VCID-1vbq-3ve8-dbdr","summary":"FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7700.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7700","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25071","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25027","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25095","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2514","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25113","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2506","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25868","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26838","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26864","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26737","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26756","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26765","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26813","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28211","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2802","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27861","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28337","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28099","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380420","reference_id":"2380420","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T19:07:55Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380420"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07","reference_id":"35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T19:07:55Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7700","reference_id":"CVE-2025-7700","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-07T19:07:55Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7700"},{"reference_url":"https://usn.ubuntu.com/7830-1/","reference_id":"USN-7830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7830-1/"},{"reference_url":"https://usn.ubuntu.com/7871-1/","reference_id":"USN-7871-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7871-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2025-7700"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vbq-3ve8-dbdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96533?format=json","vulnerability_id":"VCID-352p-mxyy-k3bu","summary":"FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22921","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30456","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30386","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30464","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30412","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30389","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30909","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30967","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30995","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30957","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30912","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30942","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30922","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30727","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3061","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30527","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.358","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35782","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22921"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://trac.ffmpeg.org/ticket/11393","reference_id":"11393","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:39:48Z/"}],"url":"https://trac.ffmpeg.org/ticket/11393"},{"reference_url":"https://usn.ubuntu.com/7538-1/","reference_id":"USN-7538-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7538-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/586187?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-1"}],"aliases":["CVE-2025-22921"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-352p-mxyy-k3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95888?format=json","vulnerability_id":"VCID-7kmr-r2hd-dfap","summary":"A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6603","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36109","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36023","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38749","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38708","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38755","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38364","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3877","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38699","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38257","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38283","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38356","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38266","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38336","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38347","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6603"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334335","reference_id":"show_bug.cgi?id=2334335","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T14:59:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334335"},{"reference_url":"https://usn.ubuntu.com/7830-1/","reference_id":"USN-7830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7830-1/"},{"reference_url":"https://usn.ubuntu.com/7890-1/","reference_id":"USN-7890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7890-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2023-6603"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmr-r2hd-dfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96500?format=json","vulnerability_id":"VCID-cpnk-whs1-6kg7","summary":"A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1594","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30826","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30656","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30648","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30692","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30738","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30702","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30644","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30215","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30203","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30134","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30112","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30182","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30173","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30105","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30825","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30946","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31104","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1594","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1594"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://trac.ffmpeg.org/ticket/11418#comment:3","reference_id":"11418#comment:3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/"}],"url":"https://trac.ffmpeg.org/ticket/11418#comment:3"},{"reference_url":"https://vuldb.com/?ctiid.296589","reference_id":"?ctiid.296589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/"}],"url":"https://vuldb.com/?ctiid.296589"},{"reference_url":"https://ffmpeg.org/","reference_id":"ffmpeg.org","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/"}],"url":"https://ffmpeg.org/"},{"reference_url":"https://vuldb.com/?id.296589","reference_id":"?id.296589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/"}],"url":"https://vuldb.com/?id.296589"},{"reference_url":"https://trac.ffmpeg.org/attachment/ticket/11418/poc","reference_id":"poc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/"}],"url":"https://trac.ffmpeg.org/attachment/ticket/11418/poc"},{"reference_url":"https://vuldb.com/?submit.496929","reference_id":"?submit.496929","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/"}],"url":"https://vuldb.com/?submit.496929"},{"reference_url":"https://usn.ubuntu.com/7738-1/","reference_id":"USN-7738-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7738-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2025-1594"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpnk-whs1-6kg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96120?format=json","vulnerability_id":"VCID-e9kf-tzg8-9bht","summary":"FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36615","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21293","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21273","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21264","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2127","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21323","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21364","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21408","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21462","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21213","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26092","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26028","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25917","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25983","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26039","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25968","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25986","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26065","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26157","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26082","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26078","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61","reference_id":"0ba058579f332b3060d8470a04ddd3fbf305be61","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61"},{"reference_url":"https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb","reference_id":"c44e5eaafa8f408eea0c9411205990fb","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/"}],"url":"https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738","reference_id":"vp9.c#L1738","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2024-36615"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9kf-tzg8-9bht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96368?format=json","vulnerability_id":"VCID-fqzc-ggz9-gbd5","summary":"A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7055","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31462","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30887","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30872","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30805","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30782","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30866","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3086","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30941","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31141","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31312","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31341","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31361","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31328","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3141","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31376","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31504","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7055"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://vuldb.com/?ctiid.273651","reference_id":"?ctiid.273651","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/"}],"url":"https://vuldb.com/?ctiid.273651"},{"reference_url":"https://ffmpeg.org/download.html","reference_id":"download.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/"}],"url":"https://ffmpeg.org/download.html"},{"reference_url":"https://ffmpeg.org/","reference_id":"ffmpeg.org","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/"}],"url":"https://ffmpeg.org/"},{"reference_url":"https://vuldb.com/?id.273651","reference_id":"?id.273651","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/"}],"url":"https://vuldb.com/?id.273651"},{"reference_url":"https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3","reference_id":"poc3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/"}],"url":"https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3"},{"reference_url":"https://vuldb.com/?submit.376532","reference_id":"?submit.376532","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/"}],"url":"https://vuldb.com/?submit.376532"},{"reference_url":"https://usn.ubuntu.com/7823-1/","reference_id":"USN-7823-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7823-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2024-7055"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqzc-ggz9-gbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96123?format=json","vulnerability_id":"VCID-gwet-989h-3fhz","summary":"FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36618","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1119","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10979","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10916","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11053","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11125","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11092","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11186","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11179","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11134","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11166","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11141","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11006","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11147","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11086","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857","reference_id":"7a089ed8e049e3bfcb22de1250b86f2106060857","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:47:13Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857"},{"reference_url":"https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523","reference_id":"a148f3679415a6da53ca112eb2ba1523","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:47:13Z/"}],"url":"https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699","reference_id":"avidec.c#L1699","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:47:13Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699"},{"reference_url":"https://usn.ubuntu.com/7823-1/","reference_id":"USN-7823-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7823-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2024-36618"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwet-989h-3fhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95890?format=json","vulnerability_id":"VCID-hd6u-9x7x-mke8","summary":"A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6605","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25887","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26158","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25725","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25784","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25843","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25767","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2586","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26199","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2597","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26088","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26052","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29942","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29759","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30012","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334336","reference_id":"show_bug.cgi?id=2334336","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:03:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334336"},{"reference_url":"https://usn.ubuntu.com/7830-1/","reference_id":"USN-7830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7830-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2023-6605"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd6u-9x7x-mke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96532?format=json","vulnerability_id":"VCID-k14h-eek4-s3cv","summary":"A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22919","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22525","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22595","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22545","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22284","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22368","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22445","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22413","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2243","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22508","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22639","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22584","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22598","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22779","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22791","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22786","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23503","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2354","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://trac.ffmpeg.org/ticket/11385","reference_id":"11385","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T21:10:35Z/"}],"url":"https://trac.ffmpeg.org/ticket/11385"},{"reference_url":"https://usn.ubuntu.com/7538-1/","reference_id":"USN-7538-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7538-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2025-22919"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k14h-eek4-s3cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95889?format=json","vulnerability_id":"VCID-kcjw-jy65-hfge","summary":"A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6604","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24264","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24405","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24437","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2422","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24348","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24305","published_at":"2026-04-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27547","published_at":"2026-04-21T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27323","published_at":"2026-04-29T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.274","published_at":"2026-04-26T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29451","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29341","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2944","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29344","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29407","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2942","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334337","reference_id":"show_bug.cgi?id=2334337","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:05:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334337"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2023-6604"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcjw-jy65-hfge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96106?format=json","vulnerability_id":"VCID-m3u1-zn19-k3dy","summary":"FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35367","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34341","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34382","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3438","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34441","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38771","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38874","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38667","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38741","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3869","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38765","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39106","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38896","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35367"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667","reference_id":"09e6840cf7a3ee07a73c3ae88a020bf27ca1a667","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:26:41Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667"},{"reference_url":"https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4","reference_id":"9754a44845578358f6a403447c458ca4","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:26:41Z/"}],"url":"https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4"},{"reference_url":"https://usn.ubuntu.com/7823-1/","reference_id":"USN-7823-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7823-1/"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53","reference_id":"vp8dsp_altivec.c#L53","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:26:41Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2024-35367"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3u1-zn19-k3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96107?format=json","vulnerability_id":"VCID-m827-r499-xubz","summary":"FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35368","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37869","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37911","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37886","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37912","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37932","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37919","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37966","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37991","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4542","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45381","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45276","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45341","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45359","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45303","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45326","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45402","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45433","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45442","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35368"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c","reference_id":"4513300989502090c4fd6560544dce399a8cd53c","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-02T16:20:01Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c"},{"reference_url":"https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5","reference_id":"7e6e47220ae2b2d2fb4611f0d8a31ec5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-02T16:20:01Z/"}],"url":"https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466","reference_id":"rkmppdec.c#L466","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-02T16:20:01Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466"},{"reference_url":"https://usn.ubuntu.com/7823-1/","reference_id":"USN-7823-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7823-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2024-35368"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m827-r499-xubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96977?format=json","vulnerability_id":"VCID-n9qa-r9nt-fyc8","summary":"A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9951","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56753","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.6132","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.6134","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61326","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68316","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.6829","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68336","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68337","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68373","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68424","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68365","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68271","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68305","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69864","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg","reference_id":"GHSA-39q3-f8jq-v6mg","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-09T14:20:36Z/"}],"url":"https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg"},{"reference_url":"https://usn.ubuntu.com/7830-1/","reference_id":"USN-7830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7830-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2025-9951"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9qa-r9nt-fyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96074?format=json","vulnerability_id":"VCID-ns98-tu4j-sfd5","summary":"FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31578","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51226","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5544","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55418","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55396","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55378","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55413","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55417","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55278","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5532","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55377","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55338","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55363","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55424","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56048","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56044","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7","reference_id":"3bb00c0a420c3ce83c6fafee30270d69622ccad7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7"},{"reference_url":"https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179","reference_id":"45400cce5859d78dcd3a62010df8d179","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","reference_id":"6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","reference_id":"IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","reference_id":"LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:55:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"reference_url":"https://usn.ubuntu.com/6803-1/","reference_id":"USN-6803-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6803-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2024-31578"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ns98-tu4j-sfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95837?format=json","vulnerability_id":"VCID-qr7y-vmc2-8qce","summary":"Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49502","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47913","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47873","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47955","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4795","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47904","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47898","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47845","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4776","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47827","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47849","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47822","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47894","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47895","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4789","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47892","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47901","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://trac.ffmpeg.org/ticket/10688","reference_id":"10688","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/"}],"url":"https://trac.ffmpeg.org/ticket/10688"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","reference_id":"6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"reference_url":"https://github.com/FFmpeg/FFmpeg","reference_id":"FFmpeg","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/"}],"url":"https://github.com/FFmpeg/FFmpeg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","reference_id":"IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","reference_id":"LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-01T16:52:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"reference_url":"https://usn.ubuntu.com/6803-1/","reference_id":"USN-6803-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6803-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2023-49502"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr7y-vmc2-8qce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65870?format=json","vulnerability_id":"VCID-rfby-3dun-rqf9","summary":"ffmpeg: FFmpeg: Integer overflow vulnerability leads to Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-63757.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-63757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63757","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2043","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20218","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20358","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.243","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2444","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24375","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24472","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24503","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24537","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24481","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24427","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24394","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698","reference_id":"20698","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T19:29:55Z/"}],"url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423583","reference_id":"2423583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423583"},{"reference_url":"https://gist.github.com/miora-sora/43c1c5616dd5b4f960a9d20296ef4833","reference_id":"43c1c5616dd5b4f960a9d20296ef4833","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T19:29:55Z/"}],"url":"https://gist.github.com/miora-sora/43c1c5616dd5b4f960a9d20296ef4833"},{"reference_url":"https://usn.ubuntu.com/7982-1/","reference_id":"USN-7982-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7982-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2025-63757"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfby-3dun-rqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96415?format=json","vulnerability_id":"VCID-u45n-rr9s-ffah","summary":"Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files  https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .  This issue affects FFmpeg: 7.1.  Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a   https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0518","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30771","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30667","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3069","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30757","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31378","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31251","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31281","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31286","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31242","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.312","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31232","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31214","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31027","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30905","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30821","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30669","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30747","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a","reference_id":"b5b6391d64807578ab872dc58fb8aa621dcfc38a","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T19:10:53Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a"},{"reference_url":"https://usn.ubuntu.com/7538-1/","reference_id":"USN-7538-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7538-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2025-0518"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u45n-rr9s-ffah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94453?format=json","vulnerability_id":"VCID-ujjc-ays1-gfc2","summary":"A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22038","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4116","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41252","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41282","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41256","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41264","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41286","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41255","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41183","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41072","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40987","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40848","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40922","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40938","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40843","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40866","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40942","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40954","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22038"},{"reference_url":"https://usn.ubuntu.com/6449-1/","reference_id":"USN-6449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}],"aliases":["CVE-2020-22038"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujjc-ays1-gfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74455?format=json","vulnerability_id":"VCID-wrb6-w8ps-uuge","summary":"ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10256","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00537","published_at":"2026-05-15T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00544","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0055","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00548","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00542","published_at":"2026-05-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00538","published_at":"2026-05-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00535","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00539","published_at":"2026-05-14T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00719","published_at":"2026-04-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00724","published_at":"2026-04-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00723","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00713","published_at":"2026-04-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0071","published_at":"2026-04-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00704","published_at":"2026-04-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00705","published_at":"2026-04-13T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00702","published_at":"2026-04-16T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00708","published_at":"2026-04-18T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00748","published_at":"2026-04-21T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0075","published_at":"2026-04-24T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00751","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00722","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10256"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394495","reference_id":"2394495","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394495"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931","reference_id":"a25462482c02c004d685a8fcf2fa63955aaa0931","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-10256","reference_id":"CVE-2025-10256","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-10256"},{"reference_url":"https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a","reference_id":"d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-25T16:54:58Z/"}],"url":"https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a"},{"reference_url":"https://usn.ubuntu.com/7830-1/","reference_id":"USN-7830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7830-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583275?format=json","purl":"pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"},{"vulnerability":"VCID-e9kf-tzg8-9bht"},{"vulnerability":"VCID-grh1-jxmf-dqdv"},{"vulnerability":"VCID-mun9-fyvn-8kfs"},{"vulnerability":"VCID-ns98-tu4j-sfd5"},{"vulnerability":"VCID-uakc-kpg5-2ug5"},{"vulnerability":"VCID-wrb6-w8ps-uuge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/583276?format=json","purl":"pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qje-t52h-fyfk"},{"vulnerability":"VCID-352p-mxyy-k3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1"}],"aliases":["CVE-2025-10256"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrb6-w8ps-uuge"}],"risk_score":"3.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1"}