ReportizFlow
Filtered by vendor Ffmpeg
Subscriptions
Total
498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8363 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. | ||||
| CVE-2016-9561 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | ||||
| CVE-2016-6671 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | ||||
| CVE-2015-6823 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. | ||||
| CVE-2015-6822 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. | ||||
| CVE-2015-8661 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | ||||
| CVE-2015-8662 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| CVE-2015-6825 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. | ||||
| CVE-2014-9676 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. | ||||
| CVE-2015-6826 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | N/A |
| The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. | ||||
| CVE-2014-7933 | 3 Ffmpeg, Google, Redhat | 3 Ffmpeg, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. | ||||
| CVE-2014-8548 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | N/A |
| Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. | ||||
| CVE-2014-8549 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. | ||||
| CVE-2014-8545 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. | ||||
| CVE-2014-8546 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. | ||||
| CVE-2014-9318 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size. | ||||
| CVE-2016-7450 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | ||||
| CVE-2016-1898 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2025-04-12 | N/A |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. | ||||
| CVE-2016-2328 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions. | ||||
| CVE-2014-8547 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | N/A |
| libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. | ||||