Vulnerabilities (CVE)

Filtered by vendor Ffmpeg Subscribe
Total 458 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7023 1 Ffmpeg 1 Ffmpeg 2025-04-11 6.8 MEDIUM N/A
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
CVE-2013-0874 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access.
CVE-2012-2790 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2025-04-11 10.0 HIGH N/A
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."
CVE-2013-0847 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.
CVE-2011-2161 1 Ffmpeg 1 Ffmpeg 2025-04-11 4.3 MEDIUM N/A
The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
CVE-2011-3952 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2025-04-11 6.8 MEDIUM N/A
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
CVE-2012-6617 1 Ffmpeg 1 Ffmpeg 2025-04-11 4.3 MEDIUM N/A
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
CVE-2013-7021 1 Ffmpeg 1 Ffmpeg 2025-04-11 6.8 MEDIUM N/A
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.
CVE-2013-0858 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2025-04-11 9.3 HIGH N/A
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
CVE-2012-2793 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2025-04-11 10.0 HIGH N/A
Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."
CVE-2013-0856 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
CVE-2013-0868 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."
CVE-2013-0853 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
CVE-2011-3974 1 Ffmpeg 1 Ffmpeg 2025-04-11 5.0 MEDIUM N/A
Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.
CVE-2011-3945 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2025-04-11 6.8 MEDIUM N/A
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
CVE-2013-0878 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access.
CVE-2009-4638 1 Ffmpeg 1 Ffmpeg 2025-04-11 4.3 MEDIUM N/A
Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
CVE-2009-4635 1 Ffmpeg 1 Ffmpeg 2025-04-11 9.3 HIGH N/A
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
CVE-2013-4264 1 Ffmpeg 1 Ffmpeg 2025-04-11 4.3 MEDIUM N/A
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.
CVE-2012-2797 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2025-04-11 10.0 HIGH N/A
Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."