Vulnerabilities > Ffmpeg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-07 | CVE-2019-13390 | Divide By Zero vulnerability in Ffmpeg 4.1.3 In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | 4.3 |
| 2019-07-05 | CVE-2019-13312 | Out-of-bounds Read vulnerability in Ffmpeg 4.1.3 block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | 6.8 |
| 2019-06-04 | CVE-2019-12730 | Use of Uninitialized Resource vulnerability in Ffmpeg aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | 7.5 |
| 2019-04-19 | CVE-2019-11339 | Out-of-bounds Read vulnerability in Ffmpeg The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. | 6.8 |
| 2019-04-19 | CVE-2019-11338 | NULL Pointer Dereference vulnerability in multiple products libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | 8.8 |
| 2019-03-12 | CVE-2019-9721 | Out-of-bounds Read vulnerability in multiple products A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 6.5 |
| 2019-03-12 | CVE-2019-9718 | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 6.5 |
| 2019-02-04 | CVE-2019-1000016 | Improper Validation of Array Index vulnerability in Ffmpeg 4.1 FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. | 4.3 |
| 2018-08-23 | CVE-2018-15822 | Reachable Assertion vulnerability in multiple products The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | 7.5 |
| 2018-07-23 | CVE-2018-1999015 | Out-of-bounds Read vulnerability in Ffmpeg FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. | 4.3 |