Filtered by vendor Ffmpeg
Subscriptions
Total
497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30997 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-23 | 7.5 High |
| An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-30998 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-23 | 7.5 High |
| An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. | ||||
| CVE-2026-30999 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-23 | 7.5 High |
| A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2008-4867 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2026-04-23 | N/A |
| Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. | ||||
| CVE-2008-4868 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2026-04-23 | N/A |
| Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | ||||
| CVE-2008-4866 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2026-04-23 | N/A |
| Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. | ||||
| CVE-2008-4869 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2026-04-23 | N/A |
| FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | ||||
| CVE-2008-3230 | 1 Ffmpeg | 1 Lavf Demuxer | 2026-04-23 | N/A |
| The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. | ||||
| CVE-2009-0385 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2026-04-23 | N/A |
| Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. | ||||
| CVE-2008-3162 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-23 | N/A |
| Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. | ||||
| CVE-2026-40962 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-20 | 4.9 Medium |
| FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | ||||
| CVE-2026-6385 | 2 Ffmpeg, Redhat | 5 Ffmpeg, Ai Inference Server, Enterprise Linux Ai and 2 more | 2026-04-17 | 6.5 Medium |
| A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution. | ||||
| CVE-2005-4048 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-16 | N/A |
| Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. | ||||
| CVE-2006-4800 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-16 | N/A |
| Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | ||||
| CVE-2025-59729 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.8 Medium |
| When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000, and at [2] we have end_buffer_pos = 0x1000. The loop then scans backwards through the buffer looking for the dhav tag; when it is found, we'll calculate end_pos based on a 32-bit offset read from the buffer. There is subsequently a check [3] that end_pos is within the section of the file that has been copied into end_buffer, but it only correctly handles the cases where end_pos is before the start of the file or after the section copied into end_buffer, and not the case where end_pos is within the the file, but before the section copied into end_buffer. If we provide such an offset, (end_pos - end_buffer_pos) can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-9951 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | N/A |
| A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. | ||||
| CVE-2025-59732 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.5 Medium |
| When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-25473 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 5.3 Medium |
| FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. | ||||
| CVE-2025-1816 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 4.3 Medium |
| A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-59731 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | N/A |
| When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond. | ||||