Filtered by vendor Ffmpeg Subscriptions
Total 441 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3566 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-08-03 5.5 Medium
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
CVE-2022-3965 1 Ffmpeg 1 Ffmpeg 2024-08-03 4.3 Medium
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
CVE-2022-3964 1 Ffmpeg 1 Ffmpeg 2024-08-03 4.3 Medium
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
CVE-2022-3341 1 Ffmpeg 1 Ffmpeg 2024-08-03 5.3 Medium
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
CVE-2022-3109 1 Ffmpeg 1 Ffmpeg 2024-08-03 7.5 High
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
CVE-2022-1475 1 Ffmpeg 1 Ffmpeg 2024-08-03 5.5 Medium
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
CVE-2023-51798 1 Ffmpeg 1 Ffmpeg 2024-08-02 7.8 High
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
CVE-2023-51795 1 Ffmpeg 1 Ffmpeg 2024-08-02 8 High
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame
CVE-2023-51794 1 Ffmpeg 1 Ffmpeg 2024-08-02 7.8 High
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
CVE-2023-51797 1 Ffmpeg 1 Ffmpeg 2024-08-02 6.7 Medium
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame
CVE-2023-51793 1 Ffmpeg 1 Ffmpeg 2024-08-02 7.8 High
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
CVE-2023-47470 1 Ffmpeg 1 Ffmpeg 2024-08-02 7.8 High
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
CVE-2023-46407 1 Ffmpeg 1 Ffmpeg 2024-08-02 5.5 Medium
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
CVE-2024-32229 1 Ffmpeg 1 Ffmpeg 2024-08-02 8.4 High
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.
CVE-2024-32228 1 Ffmpeg 1 Ffmpeg 2024-08-02 6.6 Medium
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.
CVE-2024-31578 1 Ffmpeg 1 Ffmpeg 2024-08-02 7.5 High
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2024-31581 1 Ffmpeg 1 Ffmpeg 2024-08-02 9.8 Critical
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
CVE-2024-31582 1 Ffmpeg 1 Ffmpeg 2024-08-02 7.8 High
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
CVE-2024-22862 1 Ffmpeg 1 Ffmpeg 2024-08-01 9.8 Critical
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
CVE-2024-22861 1 Ffmpeg 1 Ffmpeg 2024-08-01 7.5 High
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.