Ffmpeg : Security Vulnerabilities, CVEs, CVSS score >= 6
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
Max CVSS
9.8
EPSS Score
0.20%
Published
2024-01-27
Updated
2024-02-02
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-27
Updated
2024-02-02
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
Max CVSS
9.8
EPSS Score
0.20%
Published
2024-01-27
Updated
2024-02-02
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
Max CVSS
7.8
EPSS Score
0.14%
Published
2023-11-16
Updated
2023-11-29
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Max CVSS
8.1
EPSS Score
0.15%
Published
2023-03-29
Updated
2023-12-23
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
Max CVSS
8.1
EPSS Score
0.14%
Published
2022-11-13
Updated
2023-12-23
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
Max CVSS
8.1
EPSS Score
0.14%
Published
2022-11-13
Updated
2023-12-23
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
Max CVSS
7.5
EPSS Score
0.14%
Published
2022-12-16
Updated
2023-06-13
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05
Max CVSS
9.0
EPSS Score
0.10%
Published
2022-09-23
Updated
2023-06-27
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
Max CVSS
7.5
EPSS Score
0.41%
Published
2021-08-12
Updated
2023-12-23
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Max CVSS
9.8
EPSS Score
0.83%
Published
2021-08-21
Updated
2023-12-23
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-09-20
Updated
2021-09-23
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-09-20
Updated
2021-09-23
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-09-20
Updated
2021-09-23
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-09-20
Updated
2021-09-23
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-09-20
Updated
2021-09-23
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
Max CVSS
8.8
EPSS Score
0.18%
Published
2021-06-03
Updated
2023-12-23
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
Max CVSS
8.8
EPSS Score
2.06%
Published
2021-04-07
Updated
2021-09-29
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
Max CVSS
7.5
EPSS Score
0.10%
Published
2023-08-11
Updated
2023-08-16
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
Max CVSS
7.5
EPSS Score
0.87%
Published
2021-01-04
Updated
2021-11-05
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
Max CVSS
6.5
EPSS Score
0.28%
Published
2021-01-03
Updated
2022-08-06
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
Max CVSS
7.8
EPSS Score
0.17%
Published
2021-03-30
Updated
2021-04-02
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
Max CVSS
8.8
EPSS Score
0.08%
Published
2021-05-26
Updated
2021-05-28
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-06-02
Updated
2021-06-07
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
Max CVSS
6.5
EPSS Score
0.25%
Published
2021-06-02
Updated
2021-11-30