Ffmpeg : Security Vulnerabilities, CVEs,
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-04-17
Updated
2024-04-17
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-04-17
Updated
2024-04-17
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-04-17
Updated
2024-04-17
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-04-12
Updated
2024-04-12
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-10-27
Updated
2024-01-30
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
Max CVSS
5.3
EPSS Score
0.09%
Published
2023-01-12
Updated
2023-06-13
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-05-02
Updated
2023-12-23
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
Max CVSS
5.5
EPSS Score
0.08%
Published
2021-08-04
Updated
2021-11-28
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-11
Updated
2023-08-18
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
Max CVSS
5.5
EPSS Score
0.09%
Published
2021-08-05
Updated
2022-12-21
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
Max CVSS
6.5
EPSS Score
0.28%
Published
2021-01-03
Updated
2022-08-06
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-10
Updated
2021-11-16
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-06-02
Updated
2021-06-07
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
Max CVSS
6.5
EPSS Score
0.25%
Published
2021-06-02
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.
Max CVSS
6.5
EPSS Score
0.11%
Published
2021-06-02
Updated
2021-06-07
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
Max CVSS
6.5
EPSS Score
0.25%
Published
2021-06-02
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
Max CVSS
6.5
EPSS Score
0.10%
Published
2021-06-02
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
Max CVSS
6.5
EPSS Score
0.10%
Published
2021-06-02
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
Max CVSS
6.5
EPSS Score
0.10%
Published
2021-06-01
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-06-01
Updated
2021-06-07
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
Max CVSS
6.5
EPSS Score
0.10%
Published
2021-06-01
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
Max CVSS
6.5
EPSS Score
0.10%
Published
2021-06-01
Updated
2021-11-30
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-06-01
Updated
2021-06-07
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-06-01
Updated
2021-06-07