Filtered by vendor Ffmpeg
Subscriptions
Total
445 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-46407 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.5 Medium |
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | ||||
CVE-2022-48434 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.1 High |
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). | ||||
CVE-2022-3965 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 Medium |
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | ||||
CVE-2022-3964 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 Medium |
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | ||||
CVE-2022-3341 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.3 Medium |
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | ||||
CVE-2022-3109 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 High |
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||||
CVE-2022-2566 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 9 Critical |
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | ||||
CVE-2022-1475 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.5 Medium |
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | ||||
CVE-2021-3566 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 5.5 Medium |
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). | ||||
CVE-2021-38291 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 7.5 High |
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | ||||
CVE-2021-38171 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 9.8 Critical |
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | ||||
CVE-2021-38114 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 5.5 Medium |
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. | ||||
CVE-2021-38094 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
CVE-2021-38093 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
CVE-2021-38092 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
CVE-2021-38091 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
CVE-2021-38090 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
CVE-2021-33815 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | ||||
CVE-2021-30123 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | ||||
CVE-2021-28429 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.5 Medium |
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. |