VulnerableCode Package Details - pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-28q2-kc62-nqad	FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.	CVE-2024-36615
VCID-71ny-c9kz-1uc1	A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.	CVE-2020-22038
VCID-a4su-jd5k-2yeb	A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.	CVE-2023-6601
VCID-etvd-ankr-mkcp	A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.	CVE-2024-7055
VCID-fv2s-79bs-rkb9	Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman	CVE-2025-0518
VCID-hjyb-9ecy-vudm	FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.	CVE-2024-31578
VCID-v8p4-ymb2-3bbe	FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer	CVE-2024-35367
VCID-vdx4-n19y-pyek	A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.	CVE-2023-6604
VCID-y1yy-qzr5-hyeq	A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.	CVE-2023-6605

Vulnerability

Summary

Aliases

VCID-28q2-kc62-nqad

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

CVE-2024-36615

VCID-71ny-c9kz-1uc1

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

CVE-2020-22038

VCID-a4su-jd5k-2yeb

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.

CVE-2023-6601

VCID-etvd-ankr-mkcp

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

CVE-2024-7055

VCID-fv2s-79bs-rkb9

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

CVE-2025-0518

VCID-hjyb-9ecy-vudm

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

CVE-2024-31578

VCID-v8p4-ymb2-3bbe

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

CVE-2024-35367

VCID-vdx4-n19y-pyek

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

CVE-2023-6604

VCID-y1yy-qzr5-hyeq

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

CVE-2023-6605

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-09-10T03:00:01.317688+00:00	Debian Oval Importer	Fixing	VCID-v8p4-ymb2-3bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T23:37:20.846248+00:00	Debian Oval Importer	Fixing	VCID-y1yy-qzr5-hyeq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T22:05:00.146740+00:00	Debian Oval Importer	Fixing	VCID-etvd-ankr-mkcp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T21:45:04.849727+00:00	Debian Oval Importer	Fixing	VCID-vdx4-n19y-pyek	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T21:31:27.592590+00:00	Debian Oval Importer	Fixing	VCID-fv2s-79bs-rkb9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T21:09:13.526240+00:00	Debian Oval Importer	Fixing	VCID-a4su-jd5k-2yeb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T20:33:55.382453+00:00	Debian Importer	Fixing	VCID-28q2-kc62-nqad	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T20:10:45.354930+00:00	Debian Oval Importer	Fixing	VCID-hjyb-9ecy-vudm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T19:35:43.475112+00:00	Debian Importer	Fixing	VCID-71ny-c9kz-1uc1	https://security-tracker.debian.org/tracker/data/json	37.0.0