CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ffmpeg : Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38094 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
2 CVE-2021-38093 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
3 CVE-2021-38092 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
4 CVE-2021-38091 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
5 CVE-2021-38090 190 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
6 CVE-2021-30123 120 Exec Code Overflow 2021-04-07 2021-09-29
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
7 CVE-2020-24995 120 Exec Code Overflow 2021-03-30 2021-04-02
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
8 CVE-2020-24020 120 Exec Code Overflow 2021-05-26 2021-05-28
6.5
None Remote Low ??? Partial Partial Partial
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
9 CVE-2020-22036 787 Overflow Mem. Corr. 2021-06-01 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
10 CVE-2020-22035 120 Overflow Mem. Corr. 2021-06-01 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
11 CVE-2020-22034 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
12 CVE-2020-22033 787 DoS Overflow 2021-05-27 2021-11-05
4.3
None Remote Medium Not required None None Partial
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
13 CVE-2020-22032 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
14 CVE-2020-22031 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
15 CVE-2020-22030 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
16 CVE-2020-22029 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
17 CVE-2020-22028 120 DoS Overflow 2021-05-26 2021-11-05
4.3
None Remote Medium Not required None None Partial
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
18 CVE-2020-22027 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
19 CVE-2020-22026 120 DoS Overflow 2021-05-26 2021-11-05
4.3
None Remote Medium Not required None None Partial
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
20 CVE-2020-22025 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
21 CVE-2020-22024 120 DoS Overflow 2021-05-26 2021-06-03
4.3
None Remote Medium Not required None None Partial
Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.
22 CVE-2020-22023 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
23 CVE-2020-22022 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
24 CVE-2020-22021 120 DoS Overflow 2021-05-26 2021-11-05
4.3
None Remote Medium Not required None None Partial
Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
25 CVE-2020-22020 120 DoS Overflow 2021-05-26 2021-11-05
4.3
None Remote Medium Not required None None Partial
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.
26 CVE-2020-22019 120 DoS Overflow 2021-05-26 2021-11-05
4.3
None Remote Medium Not required None None Partial
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
27 CVE-2020-22017 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
28 CVE-2020-22016 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
29 CVE-2020-22015 120 DoS Exec Code Overflow +Info 2021-05-26 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
30 CVE-2020-21041 120 DoS Overflow 2021-05-24 2021-12-10
5.0
None Remote Low Not required None None Partial
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
31 CVE-2020-20898 190 DoS Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
32 CVE-2020-20891 120 DoS Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
33 CVE-2020-14212 787 Overflow 2020-06-16 2020-09-18
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
34 CVE-2020-12284 787 Overflow 2020-04-28 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
35 CVE-2019-17542 129 Overflow 2019-10-14 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
36 CVE-2018-1999011 119 Exec Code Overflow 2018-07-23 2019-05-23
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.
37 CVE-2017-14767 119 DoS Overflow 2017-09-27 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
38 CVE-2017-11399 125 DoS Overflow 2017-07-17 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
39 CVE-2017-9996 119 DoS Overflow 2017-06-28 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
40 CVE-2017-9995 119 DoS Overflow 2017-06-28 2017-07-03
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
41 CVE-2017-9994 119 DoS Overflow 2017-06-28 2019-03-20
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.
42 CVE-2017-9992 119 DoS Overflow 2017-06-28 2019-03-20
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
43 CVE-2017-9991 119 DoS Overflow 2017-06-28 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
44 CVE-2017-9990 119 DoS Overflow 2017-06-28 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
45 CVE-2017-7866 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
46 CVE-2017-7865 787 Overflow 2017-04-14 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
47 CVE-2017-7863 787 Overflow 2017-04-14 2019-03-04
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
48 CVE-2017-7862 787 Overflow 2017-04-14 2018-11-27
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
49 CVE-2017-7859 787 Overflow 2017-04-14 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
50 CVE-2016-10192 119 Exec Code Overflow 2017-02-09 2017-02-24
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
Total number of vulnerabilities : 156   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.