ReportizFlow
Filtered by vendor Ffmpeg
Subscriptions
Filtered by product Ffmpeg
Subscriptions
Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14171 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-14222 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-15186 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | ||||
| CVE-2017-14059 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-14054 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | ||||
| CVE-2017-14223 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-7865 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | ||||
| CVE-2016-6164 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | ||||
| CVE-2017-14055 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
| CVE-2017-7866 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | ||||
| CVE-2013-0870 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | ||||
| CVE-2012-2771 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||||
| CVE-2017-14170 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | ||||
| CVE-2012-2781 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | ||||
| CVE-2012-2773 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||||
| CVE-2017-17555 | 2 Aubio, Ffmpeg | 3 Aubio, Ffmpeg, Libswresample | 2025-04-20 | N/A |
| The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | ||||
| CVE-2017-11719 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | ||||
| CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | ||||
| CVE-2012-2805 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
| Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | ||||