Vulnerabilities > Ffmpeg
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-21 | CVE-2017-16840 | Out-of-bounds Read vulnerability in multiple products The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | 9.8 |
2017-11-06 | CVE-2017-15672 | Out-of-bounds Read vulnerability in multiple products The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | 8.8 |
2017-10-24 | CVE-2017-15186 | Double Free vulnerability in Ffmpeg Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | 4.3 |
2017-09-27 | CVE-2017-14767 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | 6.8 |
2017-09-09 | CVE-2017-14225 | NULL Pointer Dereference vulnerability in Ffmpeg 3.3.3 The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. | 6.8 |
2017-09-09 | CVE-2017-14223 | Resource Exhaustion vulnerability in multiple products In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-09 | CVE-2017-14222 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. | 7.1 |
2017-09-07 | CVE-2017-14171 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-07 | CVE-2017-14170 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-07 | CVE-2017-14169 | Improper Input Validation vulnerability in multiple products In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. | 6.8 |