FFmpeg: Security Vulnerabilities, CVEs, CVSS score between 8 and 8.99
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Max CVSS: 8.1 | EPSS Score: 0.15% | Published: 2023-03-29 | Updated: 2023-12-23
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
Max CVSS: 8.1 | EPSS Score: 0.14% | Published: 2022-11-13 | Updated: 2023-12-23
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
Max CVSS: 8.1 | EPSS Score: 0.14% | Published: 2022-11-13 | Updated: 2023-12-23
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2021-09-20 | Updated: 2021-09-23
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2021-09-20 | Updated: 2021-09-23
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2021-09-20 | Updated: 2021-09-23
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2021-09-20 | Updated: 2021-09-23
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2021-09-20 | Updated: 2021-09-23
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
Max CVSS: 8.8 | EPSS Score: 0.18% | Published: 2021-06-03 | Updated: 2023-12-23
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
Max CVSS: 8.8 | EPSS Score: 2.06% | Published: 2021-04-07 | Updated: 2021-09-29
Buffer Overflow vulnerability in FFmpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
Max CVSS: 8.8 | EPSS Score: 0.08% | Published: 2021-05-26 | Updated: 2021-05-28
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.29% | Published: 2021-06-01 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.20% | Published: 2021-06-01 | Updated: 2022-06-28
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.29% | Published: 2021-05-27 | Updated: 2022-10-26
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.13% | Published: 2021-05-27 | Updated: 2022-10-25
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.25% | Published: 2021-05-27 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.20% | Published: 2021-05-27 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c in slice_get_derivative, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.32% | Published: 2021-05-27 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.32% | Published: 2021-05-27 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.13% | Published: 2021-05-27 | Updated: 2022-10-25
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2021-05-27 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.29% | Published: 2021-05-27 | Updated: 2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.17% | Published: 2021-05-27 | Updated: 2022-09-13
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
Max CVSS: 8.8 | EPSS Score: 0.29% | Published: 2021-05-27 | Updated: 2021-11-05
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
Max CVSS: 8.8 | EPSS Score: 2.00% | Published: 2021-05-26 | Updated: 2021-11-05