Ffmpeg

Ffmpeg

484 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2012-5360

  • EPSS 0.79%
  • Published 08.02.2018 23:29:00
  • Last modified 21.11.2024 01:44:35

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.

6.5

CVE-2018-6621

  • EPSS 0.68%
  • Published 05.02.2018 04:29:00
  • Last modified 21.11.2024 04:11:00

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

6.5

CVE-2018-6392

  • EPSS 0.57%
  • Published 29.01.2018 19:29:01
  • Last modified 21.11.2024 04:10:37

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

5.5

CVE-2015-1208

  • EPSS 0.32%
  • Published 09.01.2018 16:29:00
  • Last modified 21.11.2024 02:24:53

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

6.5

CVE-2017-1000460

Exploit
  • EPSS 0.22%
  • Published 03.01.2018 20:29:00
  • Last modified 21.11.2024 03:04:46

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exceptio...

6.5

CVE-2017-9608

  • EPSS 8.94%
  • Published 27.12.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

6.5

CVE-2017-17555

  • EPSS 0.36%
  • Published 12.12.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)...

6.5

CVE-2017-17081

  • EPSS 0.53%
  • Published 30.11.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG ...

9.8

CVE-2017-16840

  • EPSS 1.59%
  • Published 21.11.2017 08:29:00
  • Last modified 20.04.2025 01:37:25

The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

8.8

CVE-2017-15672

  • EPSS 1.16%
  • Published 06.11.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.