Filtered by vendor Ffmpeg
Subscriptions
Total
465 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-14170 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | ||||
CVE-2012-2781 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780. | ||||
CVE-2017-11399 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | ||||
CVE-2017-14059 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | ||||
CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | ||||
CVE-2016-6164 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | ||||
CVE-2017-14057 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | ||||
CVE-2012-2780 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781. | ||||
CVE-2012-2778 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781. | ||||
CVE-2012-2773 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | ||||
CVE-2017-15672 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | ||||
CVE-2016-10191 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | ||||
CVE-2016-6920 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | ||||
CVE-2016-10192 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | ||||
CVE-2012-5361 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. | ||||
CVE-2017-9994 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | ||||
CVE-2013-0870 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | ||||
CVE-2017-14054 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | N/A |
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. | ||||
CVE-2022-3109 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-16 | 7.5 High |
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||||
CVE-2014-125002 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-15 | 5.3 Medium |
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |