Vulnerabilities > Ffmpeg

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-35965 Out-Of-Bounds Write vulnerability in Ffmpeg 4.3.1
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
network
low complexity
ffmpeg CWE-787
5.0
2021-01-03 CVE-2020-35964 Out-Of-Bounds Write vulnerability in Ffmpeg 4.3.1
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
network
ffmpeg CWE-787
4.3
2020-06-16 CVE-2020-14212 Out-Of-Bounds Write vulnerability in Ffmpeg 4.3
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
network
ffmpeg CWE-787
6.8
2020-06-07 CVE-2020-13904 USE After Free vulnerability in Ffmpeg 4.2.3
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
network
ffmpeg CWE-416
4.3
2020-04-28 CVE-2020-12284 Out-Of-Bounds Write vulnerability in Ffmpeg 4.2.2
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
network
low complexity
ffmpeg CWE-787
critical
10.0
2020-01-14 CVE-2014-4610 Integer Overflow OR Wraparound vulnerability in Ffmpeg
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
network
ffmpeg CWE-190
6.8
2019-10-14 CVE-2019-17542 Improper Validation of Array Index vulnerability in Ffmpeg
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
network
low complexity
ffmpeg CWE-129
7.5
2019-10-14 CVE-2019-17539 Null Pointer Dereference vulnerability in Ffmpeg
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
network
low complexity
ffmpeg CWE-476
7.5
2019-09-05 CVE-2019-15942 Unchecked Return Value vulnerability in Ffmpeg
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
network
ffmpeg CWE-252
6.8
2019-07-07 CVE-2019-13390 Divide BY Zero vulnerability in Ffmpeg 4.1.3
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
network
ffmpeg CWE-369
4.3