| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-1898 |
200 |
|
+Info |
2016-01-15 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. |
|
2 |
CVE-2016-1897 |
200 |
|
+Info |
2016-01-15 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. |
|
3 |
CVE-2014-125025 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
|
4 |
CVE-2014-125024 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
|
5 |
CVE-2014-125023 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
|
6 |
CVE-2014-125022 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
|
7 |
CVE-2014-125021 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
|
8 |
CVE-2014-125020 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
|
9 |
CVE-2014-125019 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
|
10 |
CVE-2014-125018 |
787 |
|
Mem. Corr. |
2022-06-19 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
|
11 |
CVE-2014-125017 |
125 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. |
|
12 |
CVE-2014-125016 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
|
13 |
CVE-2014-125015 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
|
14 |
CVE-2014-125014 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
|
15 |
CVE-2014-125013 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
|
16 |
CVE-2014-125012 |
681 |
|
|
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
|
17 |
CVE-2014-125011 |
681 |
|
|
2022-06-18 |
2022-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
|
18 |
CVE-2014-125010 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
|
19 |
CVE-2014-125009 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
|
20 |
CVE-2014-125008 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
|
21 |
CVE-2014-125007 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
|
22 |
CVE-2014-125006 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
|
23 |
CVE-2014-125005 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
|
24 |
CVE-2014-125004 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
|
25 |
CVE-2014-125003 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
|
26 |
CVE-2014-125002 |
787 |
|
Mem. Corr. |
2022-06-18 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
|
27 |
CVE-2014-8549 |
189 |
|
DoS |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. |
|
28 |
CVE-2014-8548 |
119 |
|
DoS Overflow |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. |
|
29 |
CVE-2014-8547 |
119 |
|
DoS Overflow |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. |
|
30 |
CVE-2014-8546 |
189 |
|
DoS |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. |
|
31 |
CVE-2014-8545 |
189 |
|
DoS |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. |
|
32 |
CVE-2014-8544 |
20 |
|
DoS |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. |
|
33 |
CVE-2014-8543 |
20 |
|
DoS |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. |
|
34 |
CVE-2014-8541 |
119 |
|
DoS Overflow |
2014-11-05 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. |
|
35 |
CVE-2014-5272 |
119 |
|
Overflow |
2014-11-03 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. |
|
36 |
CVE-2014-5271 |
119 |
|
DoS Exec Code Overflow |
2014-11-03 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. |
|
37 |
CVE-2014-2263 |
119 |
|
Overflow |
2014-03-01 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. |
|
38 |
CVE-2014-2099 |
189 |
|
DoS |
2014-03-02 |
2014-03-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. |
|
39 |
CVE-2014-2098 |
119 |
|
DoS Overflow Mem. Corr. |
2014-03-02 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data. |
|
40 |
CVE-2014-2097 |
20 |
|
DoS |
2014-03-02 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data. |
|
41 |
CVE-2013-7024 |
119 |
|
DoS Overflow |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
|
42 |
CVE-2013-7023 |
119 |
|
DoS Overflow |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. |
|
43 |
CVE-2013-7022 |
119 |
|
DoS Overflow |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. |
|
44 |
CVE-2013-7021 |
399 |
|
DoS |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data. |
|
45 |
CVE-2013-7020 |
119 |
|
DoS Overflow |
2013-12-09 |
2017-01-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. |
|
46 |
CVE-2013-7019 |
20 |
|
DoS |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
|
47 |
CVE-2013-7018 |
119 |
|
DoS Overflow |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
|
48 |
CVE-2013-7017 |
|
|
DoS |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. |
|
49 |
CVE-2013-7016 |
119 |
|
DoS Overflow |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
|
50 |
CVE-2013-7015 |
20 |
|
DoS |
2013-12-09 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data. |
