Ffmpeg » Ffmpeg : Security Vulnerabilities, CVEs, Published In 2018 (Denial of service) CVSS score >= 8
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
Max CVSS
8.1
EPSS Score
0.25%
Published
2018-07-05
Updated
2020-01-14
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
Max CVSS
8.8
EPSS Score
0.25%
Published
2018-07-05
Updated
2019-10-03
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
Max CVSS
8.1
EPSS Score
0.29%
Published
2018-07-05
Updated
2021-01-04
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
Max CVSS
8.8
EPSS Score
0.28%
Published
2018-04-07
Updated
2020-03-30
4 vulnerabilities found