#Vulnerabilities 326
Date Id Summary Products Score Patch Annotated
2021-04-07 CVE-2021-30123 FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. Ffmpeg 8.8
2019-10-14 CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. Ubuntu_linux, Debian_linux, Ffmpeg 9.8
2021-03-30 CVE-2020-24995 Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). Ffmpeg 7.8
2018-02-05 CVE-2018-6621 The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. Debian_linux, Ffmpeg 6.5
2021-01-04 CVE-2020-35965 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. Debian_linux, Ffmpeg 7.5
2019-10-14 CVE-2019-17539 In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. Ubuntu_linux, Debian_linux, Ffmpeg 9.8
2018-07-19 CVE-2018-14395 libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. Debian_linux, Ffmpeg 6.5
2018-06-15 CVE-2018-12458 An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. Debian_linux, Ffmpeg 6.5
2017-11-21 CVE-2017-16840 The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. Debian_linux, Ffmpeg 9.8
2018-08-23 CVE-2018-15822 The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. Ffmpeg 7.5