Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ffmpeg
(Ffmpeg)| Repositories | https://github.com/FFmpeg/FFmpeg |
| #Vulnerabilities | 426 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-05 | CVE-2021-3566 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). | Debian_linux, Ffmpeg | 5.5 | ||
| 2019-10-14 | CVE-2019-17542 | FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | Ubuntu_linux, Debian_linux, Ffmpeg | 9.8 | ||
| 2019-10-14 | CVE-2019-17539 | In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | Ubuntu_linux, Debian_linux, Ffmpeg | 9.8 | ||
| 2021-06-01 | CVE-2020-22038 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. | Ffmpeg | 6.5 | ||
| 2021-06-01 | CVE-2020-22039 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. | Ffmpeg | 6.5 | ||
| 2021-06-01 | CVE-2020-22040 | A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. | Ffmpeg | 6.5 | ||
| 2021-06-01 | CVE-2020-22043 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | Ffmpeg | 6.5 | ||
| 2021-06-02 | CVE-2020-22056 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | Ffmpeg | 6.5 | ||
| 2021-05-26 | CVE-2020-22024 | Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. | Ffmpeg | 6.5 | ||
| 2021-05-25 | CVE-2020-20448 | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | Ffmpeg | 6.5 |