|
2021-04-07
|
CVE-2021-30123
|
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
|
Ffmpeg
|
8.8
|
|
|
|
2019-10-14
|
CVE-2019-17542
|
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
|
Ubuntu_linux, Debian_linux, Ffmpeg
|
9.8
|
|
|
|
2021-03-30
|
CVE-2020-24995
|
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
|
Ffmpeg
|
7.8
|
|
|
|
2018-02-05
|
CVE-2018-6621
|
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
|
Debian_linux, Ffmpeg
|
6.5
|
|
|
|
2021-01-04
|
CVE-2020-35965
|
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
|
Debian_linux, Ffmpeg
|
7.5
|
|
|
|
2019-10-14
|
CVE-2019-17539
|
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
|
Ubuntu_linux, Debian_linux, Ffmpeg
|
9.8
|
|
|
|
2018-07-19
|
CVE-2018-14395
|
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
|
Debian_linux, Ffmpeg
|
6.5
|
|
|
|
2018-06-15
|
CVE-2018-12458
|
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
|
Debian_linux, Ffmpeg
|
6.5
|
|
|
|
2017-11-21
|
CVE-2017-16840
|
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
|
Debian_linux, Ffmpeg
|
9.8
|
|
|
|
2018-08-23
|
CVE-2018-15822
|
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
|
Ffmpeg
|
7.5
|
|
|