Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ffmpeg
(Ffmpeg)Repositories | https://github.com/FFmpeg/FFmpeg |
#Vulnerabilities | 426 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-01-27 | CVE-2024-22862 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | Ffmpeg | 9.8 | ||
2024-01-27 | CVE-2024-22860 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | Ffmpeg | 9.8 | ||
2024-01-27 | CVE-2024-22861 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | Ffmpeg | 7.5 | ||
2023-10-27 | CVE-2023-46407 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | Ffmpeg | 5.5 | ||
2021-06-03 | CVE-2021-33815 | dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | Ffmpeg | 8.8 | ||
2021-08-12 | CVE-2021-38291 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | Debian_linux, Ffmpeg | 7.5 | ||
2021-08-21 | CVE-2021-38171 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | Debian_linux, Ffmpeg | 9.8 | ||
2022-05-02 | CVE-2022-1475 | An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | Ffmpeg | 5.5 | ||
2022-11-13 | CVE-2022-3964 | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | Ffmpeg | 8.1 | ||
2022-11-13 | CVE-2022-3965 | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | Ffmpeg | 8.1 |