# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-3965 |
119 |
|
Overflow |
2022-11-13 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. |
2 |
CVE-2022-3964 |
119 |
|
Overflow |
2022-11-13 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. |
3 |
CVE-2022-3341 |
476 |
|
|
2023-01-12 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. |
4 |
CVE-2022-3109 |
476 |
|
|
2022-12-16 |
2022-12-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. |
5 |
CVE-2022-2566 |
787 |
|
Exec Code Overflow |
2022-09-23 |
2022-10-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 |
6 |
CVE-2022-1475 |
190 |
|
Overflow |
2022-05-02 |
2022-07-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. |
7 |
CVE-2021-38291 |
617 |
|
|
2021-08-12 |
2021-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. |
8 |
CVE-2021-38171 |
252 |
|
|
2021-08-21 |
2021-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. |
9 |
CVE-2021-38114 |
252 |
|
|
2021-08-04 |
2021-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. |
10 |
CVE-2021-38094 |
190 |
|
DoS Overflow |
2021-09-20 |
2021-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
11 |
CVE-2021-38093 |
190 |
|
DoS Overflow |
2021-09-20 |
2021-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
12 |
CVE-2021-38092 |
190 |
|
DoS Overflow |
2021-09-20 |
2021-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
13 |
CVE-2021-38091 |
190 |
|
DoS Overflow |
2021-09-20 |
2021-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
14 |
CVE-2021-38090 |
190 |
|
DoS Overflow |
2021-09-20 |
2021-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
15 |
CVE-2021-33815 |
129 |
|
|
2021-06-03 |
2021-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. |
16 |
CVE-2021-30123 |
120 |
|
Exec Code Overflow |
2021-04-07 |
2021-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. |
17 |
CVE-2021-3566 |
|
|
|
2021-08-05 |
2021-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). |
18 |
CVE-2020-35965 |
787 |
|
|
2021-01-04 |
2021-11-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. |
19 |
CVE-2020-24995 |
120 |
|
Exec Code Overflow |
2021-03-30 |
2021-04-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). |
20 |
CVE-2020-24020 |
120 |
|
Exec Code Overflow |
2021-05-26 |
2021-05-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. |
21 |
CVE-2020-23906 |
345 |
|
DoS |
2021-11-10 |
2021-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. |
22 |
CVE-2020-22056 |
401 |
|
DoS |
2021-06-02 |
2021-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. |
23 |
CVE-2020-22054 |
401 |
|
DoS |
2021-06-02 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. |
24 |
CVE-2020-22051 |
401 |
|
DoS |
2021-06-02 |
2021-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. |
25 |
CVE-2020-22049 |
401 |
|
DoS |
2021-06-02 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. |
26 |
CVE-2020-22048 |
401 |
|
DoS |
2021-06-02 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. |
27 |
CVE-2020-22046 |
401 |
|
DoS |
2021-06-02 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. |
28 |
CVE-2020-22044 |
401 |
|
DoS |
2021-06-01 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. |
29 |
CVE-2020-22043 |
401 |
|
DoS |
2021-06-01 |
2021-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. |
30 |
CVE-2020-22042 |
401 |
|
DoS |
2021-06-01 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. |
31 |
CVE-2020-22041 |
401 |
|
DoS |
2021-06-01 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. |
32 |
CVE-2020-22040 |
401 |
|
DoS |
2021-06-01 |
2021-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. |
33 |
CVE-2020-22039 |
401 |
|
DoS |
2021-06-01 |
2021-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. |
34 |
CVE-2020-22038 |
401 |
|
DoS |
2021-06-01 |
2021-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. |
35 |
CVE-2020-22037 |
401 |
|
DoS |
2021-06-01 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. |
36 |
CVE-2020-22036 |
787 |
|
Overflow Mem. Corr. |
2021-06-01 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. |
37 |
CVE-2020-22035 |
120 |
|
Overflow Mem. Corr. |
2021-06-01 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. |
38 |
CVE-2020-22034 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2022-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. |
39 |
CVE-2020-22033 |
787 |
|
DoS Overflow |
2021-05-27 |
2022-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. |
40 |
CVE-2020-22032 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2022-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. |
41 |
CVE-2020-22031 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. |
42 |
CVE-2020-22030 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. |
43 |
CVE-2020-22029 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. |
44 |
CVE-2020-22028 |
120 |
|
DoS Overflow |
2021-05-26 |
2021-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. |
45 |
CVE-2020-22027 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. |
46 |
CVE-2020-22026 |
120 |
|
DoS Overflow |
2021-05-26 |
2021-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. |
47 |
CVE-2020-22025 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2022-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. |
48 |
CVE-2020-22024 |
120 |
|
DoS Overflow |
2021-05-26 |
2021-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. |
49 |
CVE-2020-22023 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. |
50 |
CVE-2020-22022 |
787 |
|
Overflow Mem. Corr. |
2021-05-27 |
2021-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. |