ReportizFlow
Filtered by vendor Ffmpeg
Subscriptions
Filtered by product Ffmpeg
Subscriptions
Total
464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55069 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 5.3 Medium |
| ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. | ||||
| CVE-2024-31578 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 7.5 High |
| FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | ||||
| CVE-2024-36617 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.2 Medium |
| FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | ||||
| CVE-2025-1594 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1373 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 3.3 Low |
| A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-7055 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | ||||
| CVE-2024-35369 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 5.5 Medium |
| In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. | ||||
| CVE-2024-36619 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 5.3 Medium |
| FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | ||||
| CVE-2024-36618 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.2 Medium |
| FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | ||||
| CVE-2024-36615 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 5.9 Medium |
| FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | ||||
| CVE-2024-36616 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.5 Medium |
| An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | ||||
| CVE-2024-35366 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 9.1 Critical |
| FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. | ||||
| CVE-2024-35367 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 9.1 Critical |
| FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | ||||
| CVE-2024-35368 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 9.8 Critical |
| FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | ||||
| CVE-2024-35365 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.8 High |
| FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | ||||
| CVE-2024-36613 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.2 Medium |
| FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | ||||
| CVE-2024-31582 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 7.8 High |
| FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | ||||
| CVE-2024-31585 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | 5.3 Medium |
| FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.6 Medium |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| CVE-2024-32229 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.4 High |
| FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||||