Vulnerabilities > Ffmpeg > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-08 | CVE-2012-5360 | Improper Input Validation vulnerability in Ffmpeg Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | 8.8 |
| 2018-02-08 | CVE-2012-5359 | Improper Input Validation vulnerability in Ffmpeg Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file. | 8.8 |
| 2017-11-06 | CVE-2017-15672 | Out-of-bounds Read vulnerability in multiple products The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | 8.8 |
| 2017-09-27 | CVE-2017-14767 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | 8.8 |
| 2017-09-09 | CVE-2017-14225 | NULL Pointer Dereference vulnerability in Ffmpeg 3.3.3 The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. | 8.8 |
| 2017-09-07 | CVE-2017-14169 | Improper Input Validation vulnerability in multiple products In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. | 8.8 |
| 2017-08-28 | CVE-2012-2805 | Improper Resource Shutdown or Release vulnerability in Ffmpeg 0.10 Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | 7.5 |
| 2017-07-28 | CVE-2017-11719 | Out-of-bounds Read vulnerability in Ffmpeg The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. | 7.8 |
| 2017-07-27 | CVE-2017-11665 | Improper Input Validation vulnerability in Ffmpeg 3.3.2 The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | 7.5 |
| 2017-07-17 | CVE-2017-11399 | Out-of-bounds Read vulnerability in Ffmpeg Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | 7.8 |