Filtered by vendor Ffmpeg
Subscriptions
Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22039 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. | ||||
| CVE-2020-22040 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. | ||||
| CVE-2020-22043 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | ||||
| CVE-2020-22056 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | ||||
| CVE-2020-22024 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-03 | 6.5 Medium |
| Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | ||||
| CVE-2020-20448 | 1 Ffmpeg | 1 Ffmpeg | 2021-05-27 | 6.5 Medium |
| FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | ||||
| CVE-2018-6621 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-03-02 | 6.5 Medium |
| The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | ||||
| CVE-2018-12458 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 6.5 Medium |
| An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| CVE-2018-14395 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-02-05 | 6.5 Medium |
| libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | ||||
| CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-05 | N/A |
| The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | ||||
| CVE-2017-14171 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-05 | N/A |
| In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-11719 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | N/A |
| The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | ||||
| CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | N/A |
| Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | ||||
| CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | N/A |
| In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | ||||
| CVE-2017-14170 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | N/A |
| In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | ||||
| CVE-2018-13300 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | N/A |
| In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | ||||
| CVE-2017-14058 | 1 Ffmpeg | 1 Ffmpeg | 2020-12-29 | N/A |
| In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | ||||
| CVE-2020-14212 | 1 Ffmpeg | 1 Ffmpeg | 2020-09-18 | 8.8 High |
| FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | ||||
| CVE-2019-12730 | 1 Ffmpeg | 1 Ffmpeg | 2020-08-24 | N/A |
| aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | ||||
| CVE-2019-13312 | 1 Ffmpeg | 1 Ffmpeg | 2020-07-28 | N/A |
| block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | ||||