Vulnerabilities > Ffmpeg > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-27 | CVE-2024-22862 | Integer Overflow or Wraparound vulnerability in Ffmpeg Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | 9.8 |
| 2024-01-27 | CVE-2024-22860 | Integer Overflow or Wraparound vulnerability in Ffmpeg Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | 9.8 |
| 2021-08-21 | CVE-2021-38171 | Unchecked Return Value vulnerability in multiple products adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | 9.8 |
| 2020-04-28 | CVE-2020-12284 | Out-of-bounds Write vulnerability in multiple products cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | 10.0 |
| 2018-02-08 | CVE-2012-5359 | Improper Input Validation vulnerability in Ffmpeg Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | 9.3 |
| 2018-02-08 | CVE-2012-5360 | Improper Input Validation vulnerability in Ffmpeg Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | 9.3 |
| 2017-11-21 | CVE-2017-16840 | Out-of-bounds Read vulnerability in multiple products The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | 9.8 |
| 2017-08-28 | CVE-2013-0870 | Unspecified vulnerability in Ffmpeg 1.1.4 The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | 9.8 |
| 2017-08-09 | CVE-2012-2771 | Unspecified vulnerability in Ffmpeg Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | 9.8 |
| 2017-08-09 | CVE-2012-2773 | Unspecified vulnerability in Ffmpeg Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781. | 9.8 |