CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ffmpeg : Security Vulnerabilities (CVSS score between 5 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38291 617 2021-08-12 2021-12-02
5.0
None Remote Low Not required None None Partial
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
2 CVE-2021-38094 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
3 CVE-2021-38093 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
4 CVE-2021-38092 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
5 CVE-2021-38091 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
6 CVE-2021-38090 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
7 CVE-2021-33815 129 2021-06-03 2021-06-07
6.8
None Remote Medium Not required Partial Partial Partial
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
8 CVE-2021-30123 120 Exec Code Overflow 2021-04-07 2021-09-29
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
9 CVE-2020-35965 787 2021-01-04 2021-11-05
5.0
None Remote Low Not required None None Partial
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
10 CVE-2020-24020 120 Exec Code Overflow 2021-05-26 2021-05-28
6.5
None Remote Low ??? Partial Partial Partial
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
11 CVE-2020-22036 787 Overflow Mem. Corr. 2021-06-01 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
12 CVE-2020-22035 120 Overflow Mem. Corr. 2021-06-01 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
13 CVE-2020-22034 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
14 CVE-2020-22032 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
15 CVE-2020-22031 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
16 CVE-2020-22030 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
17 CVE-2020-22029 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
18 CVE-2020-22027 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
19 CVE-2020-22025 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
20 CVE-2020-22023 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
21 CVE-2020-22022 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
22 CVE-2020-22017 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
23 CVE-2020-22016 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
24 CVE-2020-22015 120 DoS Exec Code Overflow +Info 2021-05-26 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
25 CVE-2020-21688 416 Exec Code 2021-08-10 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
26 CVE-2020-21041 120 DoS Overflow 2021-05-24 2021-12-10
5.0
None Remote Low Not required None None Partial
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
27 CVE-2020-20898 190 DoS Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
28 CVE-2020-20896 476 DoS 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
29 CVE-2020-20892 369 DoS 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
30 CVE-2020-20891 120 DoS Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
31 CVE-2020-20451 401 DoS 2021-05-25 2021-11-30
5.0
None Remote Low Not required None None Partial
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
32 CVE-2020-20450 476 DoS 2021-05-25 2021-11-30
5.0
None Remote Low Not required None None Partial
FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.
33 CVE-2020-14212 787 Overflow 2020-06-16 2020-09-18
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
34 CVE-2019-15942 252 2019-09-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
35 CVE-2019-13312 125 2019-07-05 2020-07-28
6.8
None Remote Medium Not required Partial Partial Partial
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
36 CVE-2019-11339 125 DoS 2019-04-19 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
37 CVE-2019-11338 476 DoS 2019-04-19 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
38 CVE-2018-1999011 119 Exec Code Overflow 2018-07-23 2019-05-23
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.
39 CVE-2018-15822 617 2018-08-23 2021-01-05
5.0
None Remote Low Not required None None Partial
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
40 CVE-2018-13305 125 DoS 2018-07-05 2020-01-14
5.8
None Remote Medium Not required Partial None Partial
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
41 CVE-2018-13302 129 DoS 2018-07-05 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
42 CVE-2018-13300 125 DoS 2018-07-05 2021-01-04
5.8
None Remote Medium Not required Partial None Partial
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
43 CVE-2018-9841 125 DoS 2018-04-07 2020-03-30
6.8
None Remote Medium Not required Partial Partial Partial
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
44 CVE-2017-15672 125 2017-11-06 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
45 CVE-2017-14767 119 DoS Overflow 2017-09-27 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
46 CVE-2017-14225 476 2017-09-09 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
47 CVE-2017-14169 20 Bypass 2017-09-07 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
48 CVE-2017-11719 125 DoS 2017-07-28 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
49 CVE-2017-11665 20 DoS 2017-07-27 2018-06-13
5.0
None Remote Low Not required None None Partial
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
50 CVE-2017-11399 125 DoS Overflow 2017-07-17 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
Total number of vulnerabilities : 138   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.