Vulnerabilities > Ffmpeg > Ffmpeg > 4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-21041 | Classic Buffer Overflow vulnerability in multiple products Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service | 5.0 |
| 2020-04-28 | CVE-2020-12284 | Out-of-bounds Write vulnerability in multiple products cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | 10.0 |
| 2019-10-14 | CVE-2019-17542 | Improper Validation of Array Index vulnerability in multiple products FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | 7.5 |
| 2019-10-14 | CVE-2019-17539 | NULL Pointer Dereference vulnerability in multiple products In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | 7.5 |
| 2019-09-05 | CVE-2019-15942 | Unchecked Return Value vulnerability in Ffmpeg FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | 8.8 |
| 2019-04-19 | CVE-2019-11339 | Out-of-bounds Read vulnerability in Ffmpeg The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. | 6.8 |
| 2019-03-12 | CVE-2019-9721 | Out-of-bounds Read vulnerability in multiple products A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 6.5 |
| 2019-03-12 | CVE-2019-9718 | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 6.5 |
| 2019-02-04 | CVE-2019-1000016 | Improper Validation of Array Index vulnerability in Ffmpeg 4.1 FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. | 4.3 |