Vulnerabilities > Ffmpeg > Ffmpeg > 3.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-19 | CVE-2018-14394 | Divide By Zero vulnerability in Ffmpeg libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. | 4.3 |
| 2018-04-24 | CVE-2018-7751 | Infinite Loop vulnerability in Ffmpeg The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. | 4.3 |
| 2018-04-11 | CVE-2018-10001 | Out-of-bounds Read vulnerability in multiple products The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | 6.5 |
| 2018-04-07 | CVE-2018-9841 | Out-of-bounds Read vulnerability in Ffmpeg The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | 8.8 |
| 2018-02-28 | CVE-2018-7557 | Out-of-bounds Read vulnerability in multiple products The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | 6.5 |
| 2018-02-12 | CVE-2018-6912 | Out-of-bounds Read vulnerability in Ffmpeg The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | 4.3 |
| 2018-01-29 | CVE-2018-6392 | Out-of-bounds Read vulnerability in multiple products The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | 4.3 |
| 2018-01-03 | CVE-2017-1000460 | NULL Pointer Dereference vulnerability in multiple products In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | 4.3 |
| 2017-11-30 | CVE-2017-17081 | Out-of-bounds Read vulnerability in Ffmpeg 3.4 The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | 4.3 |
| 2017-11-21 | CVE-2017-16840 | Out-of-bounds Read vulnerability in multiple products The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | 9.8 |