| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-1475 |
190 |
|
Overflow |
2022-05-02 |
2022-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. |
|
2 |
CVE-2021-38291 |
617 |
|
|
2021-08-12 |
2021-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. |
|
3 |
CVE-2021-3566 |
|
|
|
2021-08-05 |
2021-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). |
|
4 |
CVE-2020-35965 |
787 |
|
|
2021-01-04 |
2021-11-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. |
|
5 |
CVE-2020-14212 |
787 |
|
Overflow |
2020-06-16 |
2020-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. |
|
6 |
CVE-2019-17542 |
129 |
|
Overflow |
2019-10-14 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. |
|
7 |
CVE-2019-17539 |
476 |
|
|
2019-10-14 |
2021-06-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. |
|
8 |
CVE-2019-15942 |
252 |
|
|
2019-09-05 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. |
|
9 |
CVE-2019-12730 |
908 |
|
|
2019-06-04 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. |
|
10 |
CVE-2019-11339 |
125 |
|
DoS |
2019-04-19 |
2019-05-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. |
|
11 |
CVE-2018-1999015 |
125 |
|
|
2018-07-23 |
2018-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. |
|
12 |
CVE-2018-1999014 |
125 |
|
|
2018-07-23 |
2018-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. |
|
13 |
CVE-2018-1999013 |
416 |
|
|
2018-07-23 |
2018-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. |
|
14 |
CVE-2018-1999012 |
835 |
|
|
2018-07-23 |
2019-10-03 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. |
|
15 |
CVE-2018-1999011 |
119 |
|
Exec Code Overflow |
2018-07-23 |
2019-05-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. |
|
16 |
CVE-2018-1999010 |
125 |
|
|
2018-07-23 |
2019-03-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. |
|
17 |
CVE-2018-15822 |
617 |
|
|
2018-08-23 |
2021-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. |
|
18 |
CVE-2018-14394 |
369 |
|
DoS |
2018-07-19 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
|
19 |
CVE-2018-10001 |
125 |
|
DoS |
2018-04-11 |
2020-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. |
|
20 |
CVE-2018-9841 |
125 |
|
DoS |
2018-04-07 |
2020-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. |
|
21 |
CVE-2018-7751 |
835 |
|
DoS |
2018-04-24 |
2020-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. |
|
22 |
CVE-2018-7557 |
125 |
|
DoS |
2018-02-28 |
2021-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. |
|
23 |
CVE-2018-6912 |
125 |
|
DoS |
2018-02-12 |
2020-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. |
|
24 |
CVE-2018-6621 |
125 |
|
DoS |
2018-02-05 |
2021-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. |
|
25 |
CVE-2018-6392 |
125 |
|
DoS |
2018-01-29 |
2019-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. |
|
26 |
CVE-2017-15672 |
125 |
|
|
2017-11-06 |
2021-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. |
|
27 |
CVE-2017-15186 |
415 |
|
DoS |
2017-10-24 |
2017-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. |
|
28 |
CVE-2017-14767 |
119 |
|
DoS Overflow |
2017-09-27 |
2019-01-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. |
|
29 |
CVE-2017-11719 |
125 |
|
DoS |
2017-07-28 |
2021-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. |
|
30 |
CVE-2017-11399 |
125 |
|
DoS Overflow |
2017-07-17 |
2021-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. |
|
31 |
CVE-2017-9994 |
119 |
|
DoS Overflow |
2017-06-28 |
2019-03-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
|
32 |
CVE-2017-9993 |
200 |
|
+Info |
2017-06-28 |
2019-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. |
|
33 |
CVE-2017-9992 |
119 |
|
DoS Overflow |
2017-06-28 |
2019-03-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
|
34 |
CVE-2017-9991 |
119 |
|
DoS Overflow |
2017-06-28 |
2017-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
|
35 |
CVE-2017-9990 |
119 |
|
DoS Overflow |
2017-06-28 |
2017-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
|
36 |
CVE-2017-9608 |
476 |
|
DoS |
2017-12-27 |
2018-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. |
|
37 |
CVE-2017-7866 |
787 |
|
Overflow |
2017-04-14 |
2017-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. |
|
38 |
CVE-2017-7865 |
787 |
|
Overflow |
2017-04-14 |
2019-03-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. |
|
39 |
CVE-2017-7863 |
787 |
|
Overflow |
2017-04-14 |
2019-03-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. |
|
40 |
CVE-2017-7862 |
787 |
|
Overflow |
2017-04-14 |
2018-11-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. |
|
41 |
CVE-2017-7859 |
787 |
|
Overflow |
2017-04-14 |
2017-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. |
|
42 |
CVE-2016-10192 |
119 |
|
Exec Code Overflow |
2017-02-09 |
2017-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. |
|
43 |
CVE-2016-10191 |
119 |
|
Exec Code Overflow |
2017-02-09 |
2018-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. |
|
44 |
CVE-2016-10190 |
119 |
|
Exec Code Overflow |
2017-02-09 |
2018-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
|
45 |
CVE-2016-9561 |
399 |
|
DoS |
2016-12-23 |
2016-12-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
|
46 |
CVE-2016-8595 |
20 |
|
DoS |
2016-12-23 |
2017-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
|
47 |
CVE-2016-7905 |
476 |
|
DoS |
2016-12-23 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. |
|
48 |
CVE-2016-7785 |
20 |
|
DoS |
2016-12-23 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. |
|
49 |
CVE-2016-7562 |
119 |
|
DoS Overflow |
2016-12-23 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. |
|
50 |
CVE-2016-7555 |
200 |
|
+Info |
2016-12-23 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
