Vulnerabilities > Ffmpeg > Ffmpeg > 0.5.12

DATE CVE VULNERABILITY TITLE RISK
2024-01-27 CVE-2024-22861 Integer Overflow or Wraparound vulnerability in Ffmpeg
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
network
low complexity
ffmpeg CWE-190
7.5
2024-01-27 CVE-2024-22860 Integer Overflow or Wraparound vulnerability in Ffmpeg
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
network
low complexity
ffmpeg CWE-190
critical
9.8
2024-01-27 CVE-2024-22862 Integer Overflow or Wraparound vulnerability in Ffmpeg
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
network
low complexity
ffmpeg CWE-190
critical
9.8
2023-11-16 CVE-2023-47470 Out-of-bounds Write vulnerability in Ffmpeg
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
local
low complexity
ffmpeg CWE-787
7.8
2023-10-27 CVE-2023-46407 Out-of-bounds Read vulnerability in Ffmpeg
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
local
low complexity
ffmpeg CWE-125
5.5
2023-03-29 CVE-2022-48434 Use After Free vulnerability in Ffmpeg
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
network
high complexity
ffmpeg CWE-416
8.1
2023-01-12 CVE-2022-3341 NULL Pointer Dereference vulnerability in Ffmpeg
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file.
network
low complexity
ffmpeg CWE-476
5.3
2022-12-16 CVE-2022-3109 NULL Pointer Dereference vulnerability in Ffmpeg
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
network
low complexity
ffmpeg CWE-476
7.5
2021-08-12 CVE-2021-38291 Reachable Assertion vulnerability in multiple products
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
network
low complexity
ffmpeg debian CWE-617
7.5
2021-08-05 CVE-2021-3566 Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it.
local
low complexity
ffmpeg debian
5.5