Vulnerabilities > Ffmpeg > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-05 | CVE-2019-15942 | Unchecked Return Value vulnerability in Ffmpeg FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | 8.8 |
| 2019-07-05 | CVE-2019-13312 | Out-of-bounds Read vulnerability in Ffmpeg 4.1.3 block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. | 8.8 |
| 2019-04-19 | CVE-2019-11339 | Out-of-bounds Read vulnerability in Ffmpeg The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. | 8.8 |
| 2019-04-19 | CVE-2019-11338 | NULL Pointer Dereference vulnerability in multiple products libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | 8.8 |
| 2018-08-23 | CVE-2018-15822 | Reachable Assertion vulnerability in multiple products The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | 7.5 |
| 2018-07-23 | CVE-2018-1999011 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. | 8.8 |
| 2018-07-05 | CVE-2018-13305 | Out-of-bounds Read vulnerability in Ffmpeg 4.0.1 In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | 8.1 |
| 2018-07-05 | CVE-2018-13302 | Improper Validation of Array Index vulnerability in multiple products In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. | 8.8 |
| 2018-07-05 | CVE-2018-13300 | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | 8.1 |
| 2018-04-07 | CVE-2018-9841 | Out-of-bounds Read vulnerability in Ffmpeg The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | 8.8 |