Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.
Max CVSS
10.0
EPSS Score
0.65%
Published
2012-09-10
Updated
2018-10-30
The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
Max CVSS
10.0
EPSS Score
0.31%
Published
2013-11-23
Updated
2016-12-03
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
Max CVSS
10.0
EPSS Score
4.39%
Published
2020-04-28
Updated
2022-04-29
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
Max CVSS
9.8
EPSS Score
0.29%
Published
2017-04-14
Updated
2017-04-20
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
Max CVSS
9.8
EPSS Score
0.46%
Published
2017-04-14
Updated
2018-11-27
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-04-14
Updated
2019-03-04
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-04-14
Updated
2019-03-05
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
Max CVSS
9.8
EPSS Score
0.49%
Published
2017-04-14
Updated
2017-04-20
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
Max CVSS
9.8
EPSS Score
2.04%
Published
2019-10-14
Updated
2021-06-10
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
Max CVSS
9.8
EPSS Score
1.08%
Published
2019-10-14
Updated
2021-07-21
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
Max CVSS
9.3
EPSS Score
49.53%
Published
2009-02-02
Updated
2020-11-20
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.
Max CVSS
9.3
EPSS Score
1.98%
Published
2010-02-10
Updated
2010-05-04
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
Max CVSS
8.8
EPSS Score
1.29%
Published
2016-06-16
Updated
2018-10-30
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
Max CVSS
8.8
EPSS Score
0.31%
Published
2017-09-09
Updated
2017-11-04
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Max CVSS
8.8
EPSS Score
1.01%
Published
2019-04-19
Updated
2022-10-07
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
Max CVSS
8.8
EPSS Score
0.24%
Published
2020-06-16
Updated
2020-09-18
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
Max CVSS
8.8
EPSS Score
0.18%
Published
2021-09-20
Updated
2021-09-24
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
Max CVSS
8.8
EPSS Score
0.24%
Published
2021-08-10
Updated
2021-11-30
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.17%
Published
2021-05-27
Updated
2022-09-13
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.13%
Published
2021-05-27
Updated
2022-10-25
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.32%
Published
2021-05-27
Updated
2021-11-05
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
Max CVSS
8.8
EPSS Score
0.32%
Published
2021-05-27
Updated
2021-11-05
91 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!