| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-13390 |
369 |
|
|
2019-07-07 |
2019-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. |
|
2 |
CVE-2019-9721 |
125 |
|
DoS |
2019-03-12 |
2019-05-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
|
3 |
CVE-2019-9718 |
125 |
|
DoS |
2019-03-12 |
2019-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
|
4 |
CVE-2018-1999015 |
125 |
|
|
2018-07-23 |
2018-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. |
|
5 |
CVE-2018-1999014 |
125 |
|
|
2018-07-23 |
2018-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. |
|
6 |
CVE-2018-1999013 |
416 |
|
|
2018-07-23 |
2018-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. |
|
7 |
CVE-2018-14395 |
369 |
|
DoS |
2018-07-19 |
2018-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. |
|
8 |
CVE-2018-14394 |
369 |
|
DoS |
2018-07-19 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
|
9 |
CVE-2018-13304 |
617 |
|
DoS |
2018-07-05 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. |
|
10 |
CVE-2018-13303 |
476 |
|
DoS |
2018-07-05 |
2018-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
|
11 |
CVE-2018-13301 |
476 |
|
DoS |
2018-07-05 |
2018-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. |
|
12 |
CVE-2018-12460 |
476 |
|
DoS |
2018-06-15 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. |
|
13 |
CVE-2018-12459 |
20 |
|
DoS |
2018-06-15 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
|
14 |
CVE-2018-12458 |
20 |
|
DoS |
2018-06-15 |
2018-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
|
15 |
CVE-2018-10001 |
125 |
|
DoS |
2018-04-10 |
2018-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. |
|
16 |
CVE-2018-7751 |
835 |
|
DoS |
2018-04-24 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. |
|
17 |
CVE-2018-7557 |
125 |
|
DoS |
2018-02-28 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. |
|
18 |
CVE-2018-6912 |
125 |
|
DoS |
2018-02-11 |
2018-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. |
|
19 |
CVE-2018-6621 |
125 |
|
DoS |
2018-02-04 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. |
|
20 |
CVE-2018-6392 |
125 |
|
DoS |
2018-01-29 |
2019-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. |
|
21 |
CVE-2017-1000460 |
476 |
|
|
2018-01-03 |
2019-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. |
|
22 |
CVE-2017-17555 |
476 |
|
DoS |
2017-12-11 |
2018-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. |
|
23 |
CVE-2017-17081 |
125 |
|
DoS |
2017-11-30 |
2018-01-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. |
|
24 |
CVE-2017-15186 |
415 |
|
DoS |
2017-10-24 |
2017-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. |
|
25 |
CVE-2017-14058 |
835 |
|
DoS |
2017-08-31 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). |
|
26 |
CVE-2017-9608 |
476 |
|
DoS |
2017-12-27 |
2018-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. |
|
27 |
CVE-2016-9561 |
399 |
|
DoS |
2016-12-23 |
2016-12-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
|
28 |
CVE-2016-8595 |
20 |
|
DoS |
2016-12-23 |
2017-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
|
29 |
CVE-2016-7905 |
476 |
|
DoS |
2016-12-23 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |
|
30 |
CVE-2016-7785 |
20 |
|
DoS |
2016-12-23 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
|
31 |
CVE-2016-7562 |
119 |
|
DoS Overflow |
2016-12-23 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. |
|
32 |
CVE-2016-7555 |
200 |
|
+Info |
2016-12-23 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
|
33 |
CVE-2016-7122 |
399 |
|
|
2016-12-23 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. |
|
34 |
CVE-2016-6881 |
399 |
|
DoS |
2016-12-23 |
2016-12-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. |
|
35 |
CVE-2016-2213 |
119 |
|
DoS Overflow |
2016-02-03 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. |
|
36 |
CVE-2016-1898 |
200 |
|
+Info |
2016-01-14 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. |
|
37 |
CVE-2016-1897 |
200 |
|
+Info |
2016-01-14 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. |
|
38 |
CVE-2015-1208 |
191 |
|
+Info |
2018-01-09 |
2018-01-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. |
|
39 |
CVE-2013-4264 |
119 |
|
DoS Overflow |
2013-11-23 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. |
|
40 |
CVE-2013-3675 |
20 |
|
DoS Overflow |
2013-06-09 |
2013-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data. |
|
41 |
CVE-2013-3674 |
20 |
|
DoS |
2013-06-09 |
2015-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. |
|
42 |
CVE-2013-3673 |
119 |
|
DoS Overflow |
2013-06-09 |
2013-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. |
|
43 |
CVE-2013-3672 |
20 |
|
DoS |
2013-06-09 |
2015-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. |
|
44 |
CVE-2013-3671 |
189 |
|
DoS |
2013-06-09 |
2013-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. |
|
45 |
CVE-2013-3670 |
119 |
|
DoS Overflow |
2013-06-09 |
2013-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release. |
|
46 |
CVE-2013-0860 |
20 |
|
|
2013-11-23 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. |
|
47 |
CVE-2012-6617 |
|
|
DoS |
2013-12-24 |
2013-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. |
|
48 |
CVE-2012-6615 |
|
|
DoS |
2013-12-24 |
2013-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. |
|
49 |
CVE-2012-0850 |
119 |
|
DoS Overflow Mem. Corr. |
2012-08-20 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. |
|
50 |
CVE-2012-0849 |
189 |
|
DoS Overflow |
2012-08-27 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value. |
