Filtered by vendor Ffmpeg
Subscribe
Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1000016 | 1 Ffmpeg | 1 Ffmpeg | 2019-02-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. | |||||
| CVE-2018-14394 | 1 Ffmpeg | 1 Ffmpeg | 2019-01-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. | |||||
| CVE-2017-14767 | 1 Ffmpeg | 1 Ffmpeg | 2019-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | |||||
| CVE-2016-10191 | 1 Ffmpeg | 1 Ffmpeg | 2018-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | |||||
| CVE-2016-10190 | 1 Ffmpeg | 1 Ffmpeg | 2018-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | |||||
| CVE-2017-7862 | 1 Ffmpeg | 1 Ffmpeg | 2018-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||||
| CVE-2016-1898 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. | |||||
| CVE-2016-1897 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | |||||
| CVE-2006-4800 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 7.5 HIGH | N/A |
| Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | |||||
| CVE-2005-4048 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. | |||||
| CVE-2011-3504 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 9.3 HIGH | N/A |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2012-0857 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2008-3162 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. | |||||
| CVE-2011-2161 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-17 | 4.3 MEDIUM | N/A |
| The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. | |||||
| CVE-2018-1999015 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. | |||||
| CVE-2018-1999013 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. | |||||
| CVE-2018-1999014 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. | |||||
| CVE-2018-12460 | 1 Ffmpeg | 1 Ffmpeg | 2018-08-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. | |||||
| CVE-2018-12459 | 1 Ffmpeg | 1 Ffmpeg | 2018-08-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2018-13303 | 1 Ffmpeg | 1 Ffmpeg | 2018-07-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||