Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ffmpeg
(Ffmpeg)Repositories | https://github.com/FFmpeg/FFmpeg |
#Vulnerabilities | 426 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-06-16 | CVE-2020-14212 | FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | Ffmpeg | N/A | ||
2019-07-07 | CVE-2019-13390 | In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | Ffmpeg | 6.5 | ||
2019-07-05 | CVE-2019-13312 | block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | Ffmpeg | 8.8 | ||
2018-04-24 | CVE-2018-7751 | The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. | Ffmpeg | 6.5 | ||
2018-02-12 | CVE-2018-6912 | The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | Ffmpeg | 6.5 | ||
2020-01-14 | CVE-2014-4610 | Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | Ffmpeg | N/A | ||
2018-07-05 | CVE-2018-13305 | In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | Ffmpeg | 8.1 | ||
2017-09-09 | CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | Ffmpeg | 6.5 | ||
2017-08-31 | CVE-2017-14059 | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | Ffmpeg | 6.5 | ||
2017-08-31 | CVE-2017-14057 | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | Ffmpeg | 6.5 |