Filtered by vendor Ffmpeg
Subscribe
Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13301 | 1 Ffmpeg | 1 Ffmpeg | 2018-07-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2017-11665 | 1 Ffmpeg | 1 Ffmpeg | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | |||||
| CVE-2012-5360 | 1 Ffmpeg | 1 Ffmpeg | 2018-02-23 | 9.3 HIGH | 8.8 HIGH |
| Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | |||||
| CVE-2012-5359 | 1 Ffmpeg | 1 Ffmpeg | 2018-02-23 | 9.3 HIGH | 8.8 HIGH |
| Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | |||||
| CVE-2012-5361 | 1 Ffmpeg | 1 Ffmpeg | 2018-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. | |||||
| CVE-2017-9608 | 1 Ffmpeg | 1 Ffmpeg | 2018-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | |||||
| CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2017-11-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | |||||
| CVE-2017-14225 | 1 Ffmpeg | 1 Ffmpeg | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | |||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 4 Ffmpeg, Linux Kernel, Firefox and 1 more | 2017-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | |||||
| CVE-2008-4869 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | 10.0 HIGH | N/A |
| FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | |||||
| CVE-2008-4868 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | |||||
| CVE-2008-4867 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | 10.0 HIGH | N/A |
| Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. | |||||
| CVE-2008-4866 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. | |||||
| CVE-2008-3230 | 1 Ffmpeg | 1 Lavf Demuxer | 2017-08-08 | 1.9 LOW | N/A |
| The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. | |||||
| CVE-2017-9990 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-9996 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 7.8 HIGH |
| The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-9991 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-9995 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-03 | 6.8 MEDIUM | 7.8 HIGH |
| libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2016-7905 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | |||||
| CVE-2016-7785 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||||