|
2009-02-02
|
CVE-2009-0385
|
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
|
Ubuntu_linux, Debian_linux, Fedora, Ffmpeg
|
N/A
|
|
|
|
2020-06-16
|
CVE-2020-14212
|
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
|
Ffmpeg
|
N/A
|
|
|
|
2020-06-07
|
CVE-2020-13904
|
FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
|
Ffmpeg
|
N/A
|
|
|
|
2020-04-28
|
CVE-2020-12284
|
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
|
Ffmpeg
|
N/A
|
|
|
|
2019-10-14
|
CVE-2019-17542
|
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
|
Ffmpeg
|
N/A
|
|
|
|
2019-10-14
|
CVE-2019-17539
|
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
|
Ffmpeg
|
N/A
|
|
|
|
2019-07-07
|
CVE-2019-13390
|
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
|
Ffmpeg
|
6.5
|
|
|
|
2019-07-05
|
CVE-2019-13312
|
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
|
Ffmpeg
|
8.8
|
|
|
|
2018-04-07
|
CVE-2018-9841
|
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
|
Ffmpeg
|
8.8
|
|
|
|
2018-04-24
|
CVE-2018-7751
|
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
|
Ffmpeg
|
6.5
|
|
|