Filtered by vendor Ffmpeg
Subscribe
Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20448 | 1 Ffmpeg | 1 Ffmpeg | 2021-05-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | |||||
| CVE-2018-6621 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | |||||
| CVE-2018-12458 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2018-14395 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | |||||
| CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | |||||
| CVE-2017-14171 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-05 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-11719 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | |||||
| CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | |||||
| CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | |||||
| CVE-2017-14170 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | |||||
| CVE-2018-13300 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 5.8 MEDIUM | 8.1 HIGH |
| In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | |||||
| CVE-2017-14058 | 1 Ffmpeg | 1 Ffmpeg | 2020-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2020-14212 | 1 Ffmpeg | 1 Ffmpeg | 2020-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | |||||
| CVE-2019-12730 | 1 Ffmpeg | 1 Ffmpeg | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | |||||
| CVE-2019-13312 | 1 Ffmpeg | 1 Ffmpeg | 2020-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | |||||
| CVE-2019-13390 | 1 Ffmpeg | 1 Ffmpeg | 2020-07-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | |||||
| CVE-2018-7751 | 1 Ffmpeg | 1 Ffmpeg | 2020-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. | |||||
| CVE-2018-6912 | 1 Ffmpeg | 1 Ffmpeg | 2020-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | |||||
| CVE-2014-4610 | 1 Ffmpeg | 1 Ffmpeg | 2020-01-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2018-13305 | 1 Ffmpeg | 1 Ffmpeg | 2020-01-14 | 5.8 MEDIUM | 8.1 HIGH |
| In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | |||||