Vulnerabilities > FFmpeg > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-27 | CVE-2024-22860 | Integer Overflow or Wraparound vulnerability in FFmpeg. Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | 9.8 |
2024-01-27 | CVE-2024-22862 | Integer Overflow or Wraparound vulnerability in FFmpeg. Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the JPEG XL Parser. | 9.8 |
2021-08-21 | CVE-2021-38171 | Unchecked Return Value vulnerability in multiple products. adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | 9.8 |
2020-04-28 | CVE-2020-12284 | Out-of-bounds Write vulnerability in multiple products. cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | 9.8 |
2019-10-14 | CVE-2019-17542 | Out-of-bounds Write vulnerability in multiple products. FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | 9.8 |
2019-10-14 | CVE-2019-17539 | NULL Pointer Dereference vulnerability in multiple products. In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | 9.8 |
2019-06-04 | CVE-2019-12730 | Use of Uninitialized Resource vulnerability in FFmpeg. aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | 9.8 |
2018-07-23 | CVE-2018-1999010 | Out-of-bounds Read vulnerability in multiple products. FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. | 9.8 |
2017-11-21 | CVE-2017-16840 | Out-of-bounds Read vulnerability in multiple products. The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | 9.8 |
2017-08-28 | CVE-2013-0870 | Unspecified vulnerability in FFmpeg 1.1.4. The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | 9.8 |