Ffmpeg : Security Vulnerabilities, CVEs, (Memory corruption) CVSS score >= 8
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Max CVSS
8.1
EPSS Score
0.12%
Published
2023-03-29
Updated
2023-12-23
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-06-01
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.20%
Published
2021-06-01
Updated
2022-06-28
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-05-27
Updated
2022-10-26
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.13%
Published
2021-05-27
Updated
2022-10-25
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.25%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.20%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.32%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.32%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.13%
Published
2021-05-27
Updated
2022-10-25
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.17%
Published
2021-05-27
Updated
2022-09-13
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-05-27
Updated
2021-11-05
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
Max CVSS
8.8
EPSS Score
0.24%
Published
2021-08-10
Updated
2021-11-30
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
Max CVSS
8.8
EPSS Score
0.18%
Published
2021-09-20
Updated
2021-09-24
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
Max CVSS
8.8
EPSS Score
0.24%
Published
2020-06-16
Updated
2020-09-18
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
Max CVSS
10.0
EPSS Score
4.39%
Published
2020-04-28
Updated
2022-04-29
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
Max CVSS
9.8
EPSS Score
1.08%
Published
2019-10-14
Updated
2021-07-21
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
Max CVSS
9.8
EPSS Score
2.04%
Published
2019-10-14
Updated
2021-06-10
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Max CVSS
8.8
EPSS Score
1.01%
Published
2019-04-19
Updated
2022-10-07
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
Max CVSS
8.8
EPSS Score
0.31%
Published
2017-09-09
Updated
2017-11-04
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
Max CVSS
9.8
EPSS Score
0.49%
Published
2017-04-14
Updated
2017-04-20
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-04-14
Updated
2019-03-05
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-04-14
Updated
2019-03-04