Filtered by vendor Ffmpeg
Subscriptions
Filtered by product Ffmpeg
Subscriptions
Total
427 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1999014 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-19 | N/A |
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. | ||||
CVE-2018-13303 | 1 Ffmpeg | 1 Ffmpeg | 2018-07-18 | N/A |
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
CVE-2018-13301 | 1 Ffmpeg | 1 Ffmpeg | 2018-07-18 | N/A |
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
CVE-2017-11665 | 1 Ffmpeg | 1 Ffmpeg | 2018-06-13 | N/A |
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | ||||
CVE-2012-5360 | 1 Ffmpeg | 1 Ffmpeg | 2018-02-23 | N/A |
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | ||||
CVE-2012-5359 | 1 Ffmpeg | 1 Ffmpeg | 2018-02-23 | N/A |
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | ||||
CVE-2012-5361 | 1 Ffmpeg | 1 Ffmpeg | 2018-02-09 | N/A |
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. | ||||
CVE-2017-9608 | 1 Ffmpeg | 1 Ffmpeg | 2018-01-17 | N/A |
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | ||||
CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2017-11-29 | N/A |
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | ||||
CVE-2017-14225 | 1 Ffmpeg | 1 Ffmpeg | 2017-11-04 | N/A |
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | ||||
CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 4 Ffmpeg, Linux Kernel, Firefox and 1 more | 2017-08-16 | N/A |
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | ||||
CVE-2008-4869 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | N/A |
FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | ||||
CVE-2008-4868 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | N/A |
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | ||||
CVE-2008-4867 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | N/A |
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. | ||||
CVE-2008-4866 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | N/A |
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. | ||||
CVE-2017-9990 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | N/A |
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
CVE-2017-9996 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | N/A |
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||||
CVE-2017-9991 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | N/A |
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
CVE-2017-9995 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-03 | N/A |
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | ||||
CVE-2016-7905 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | N/A |
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |