Search Results (500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3935 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.
CVE-2011-3934 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.
CVE-2011-1931 3 Ffmpeg, Libav, Videolan 4 Ffmpeg, Libavcodec, Libav and 1 more 2025-04-11 N/A
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
CVE-2024-32230 1 Ffmpeg 1 Ffmpeg 2025-03-14 7.8 High
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
CVE-2022-48434 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.1 High
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
CVE-2022-3965 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 Medium
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
CVE-2022-3964 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 Medium
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
CVE-2022-1475 1 Ffmpeg 1 Ffmpeg 2024-11-21 5.5 Medium
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
CVE-2021-3566 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 5.5 Medium
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
CVE-2021-38291 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 High
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
CVE-2021-38171 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 9.8 Critical
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVE-2021-38114 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 5.5 Medium
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-38094 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-38093 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-38092 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-38091 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-38090 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-33815 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
CVE-2021-30123 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
CVE-2021-28429 1 Ffmpeg 1 Ffmpeg 2024-11-21 5.5 Medium
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.