Ffmpeg

Ffmpeg

495 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.22%
  • Veröffentlicht 28.06.2026 02:16:30
  • Zuletzt bearbeitet 06.07.2026 13:17:07

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can...

Medienbericht
  • EPSS 0.48%
  • Veröffentlicht 18.06.2026 11:29:00
  • Zuletzt bearbeitet 30.06.2026 03:21:43

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libav...

  • EPSS 0.13%
  • Veröffentlicht 16.04.2026 01:33:37
  • Zuletzt bearbeitet 20.04.2026 19:54:35

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

Exploit
  • EPSS 0.34%
  • Veröffentlicht 13.04.2026 00:00:00
  • Zuletzt bearbeitet 23.04.2026 20:12:35

An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Exploit
  • EPSS 0.4%
  • Veröffentlicht 13.04.2026 00:00:00
  • Zuletzt bearbeitet 23.04.2026 20:11:49

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

Exploit
  • EPSS 0.45%
  • Veröffentlicht 13.04.2026 00:00:00
  • Zuletzt bearbeitet 23.04.2026 20:10:36

A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • EPSS 0.27%
  • Veröffentlicht 16.03.2026 00:00:00
  • Zuletzt bearbeitet 19.03.2026 14:19:12

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base ...

  • EPSS 0.15%
  • Veröffentlicht 18.02.2026 20:28:08
  • Zuletzt bearbeitet 26.02.2026 22:32:44

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant ...

  • EPSS 0.3%
  • Veröffentlicht 18.02.2026 20:26:46
  • Zuletzt bearbeitet 26.02.2026 22:33:18

A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking...

  • EPSS 0.32%
  • Veröffentlicht 18.12.2025 00:00:00
  • Zuletzt bearbeitet 30.12.2025 20:04:35

Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.