Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
Max CVSS
5.5
EPSS Score
0.09%
Published
2021-08-05
Updated
2022-12-21
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-06-28
Updated
2019-03-26
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
Max CVSS
5.5
EPSS Score
0.08%
Published
2016-12-23
Updated
2017-07-01
3 vulnerabilities found