Search for packages
| purl | pkg:deb/debian/ffmpeg@7:5.1.6-0%2Bdeb12u1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ty8-tgqz-7kej
Aliases: CVE-2024-35369 |
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-3vxs-7fbp-aaab
Aliases: CVE-2023-50007 |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-5j57-fxja-aaac
Aliases: CVE-2024-31578 |
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-6gtp-npkd-uygv
Aliases: CVE-2024-55069 |
ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. |
Affected by 2 other vulnerabilities. |
|
VCID-6yyu-zyxe-27ey
Aliases: CVE-2024-36615 |
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-74aj-xtav-xbcu
Aliases: CVE-2025-25473 |
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. | There are no reported fixed by versions. |
|
VCID-97xy-zftr-hqh3
Aliases: CVE-2025-0518 |
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Â https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman |
Affected by 2 other vulnerabilities. |
|
VCID-9yzs-4sgq-2qhu
Aliases: CVE-2024-36618 |
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-bc9v-ce3a-9khd
Aliases: CVE-2024-36616 |
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-d8jk-7xst-k3dd
Aliases: CVE-2025-22919 |
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
Affected by 2 other vulnerabilities. |
|
VCID-dgna-mwnu-zbh4
Aliases: CVE-2024-36619 |
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-gyrc-wvfm-vbdq
Aliases: CVE-2024-35367 |
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-jj4z-x7gn-aaac
Aliases: CVE-2024-32228 |
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-mddu-guxm-aaar
Aliases: CVE-2023-49502 |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-nyc3-s1cq-aaah
Aliases: CVE-2023-50008 |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-pj49-8yyw-mkd2
Aliases: CVE-2024-36617 |
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-wuva-nnm5-aaar
Aliases: CVE-2023-49528 |
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-yh4p-8yd8-vyek
Aliases: CVE-2024-35366 |
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-z96x-kd83-aaan
Aliases: CVE-2024-31582 |
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-z9cz-8mpn-zffd
Aliases: CVE-2025-22921 |
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | There are no reported fixed by versions. |
|
VCID-zxb3-wce6-jfgb
Aliases: CVE-2024-35368 |
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-259q-szcp-aaaa | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. |
CVE-2020-22038
|
| VCID-5j57-fxja-aaac | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
CVE-2024-31578
|
| VCID-97xy-zftr-hqh3 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Â https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman |
CVE-2025-0518
|
| VCID-9yzs-4sgq-2qhu | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
CVE-2024-36618
|
| VCID-bc9v-ce3a-9khd | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. |
CVE-2024-36616
|
| VCID-d8jk-7xst-k3dd | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
CVE-2025-22919
|
| VCID-gyrc-wvfm-vbdq | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer |
CVE-2024-35367
|
| VCID-mddu-guxm-aaar | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
CVE-2023-49502
|
| VCID-npah-3sx6-aaar | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. |
CVE-2024-7055
|
| VCID-pj49-8yyw-mkd2 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. |
CVE-2024-36617
|
| VCID-yh4p-8yd8-vyek | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. |
CVE-2024-35366
|
| VCID-z9cz-8mpn-zffd | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
CVE-2025-22921
|
| VCID-zxb3-wce6-jfgb | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
CVE-2024-35368
|