Vulnerabilities > Ffmpeg > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2020-20445 | Divide By Zero vulnerability in multiple products FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | 6.5 |
| 2021-05-25 | CVE-2020-20446 | Divide By Zero vulnerability in multiple products FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. | 6.5 |
| 2021-05-25 | CVE-2020-20448 | Divide By Zero vulnerability in Ffmpeg 4.1.3 FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | 6.5 |
| 2021-01-03 | CVE-2020-35964 | Out-of-bounds Write vulnerability in Ffmpeg 4.3.1 track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | 6.5 |
| 2020-06-07 | CVE-2020-13904 | Use After Free vulnerability in multiple products FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | 5.5 |
| 2019-07-07 | CVE-2019-13390 | Divide By Zero vulnerability in Ffmpeg 4.1.3 In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | 6.5 |
| 2019-03-12 | CVE-2019-9721 | Out-of-bounds Read vulnerability in multiple products A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 6.5 |
| 2019-03-12 | CVE-2019-9718 | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | 6.5 |
| 2019-02-04 | CVE-2019-1000016 | Improper Validation of Array Index vulnerability in Ffmpeg 4.1 FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. | 6.5 |
| 2018-07-23 | CVE-2018-1999015 | Out-of-bounds Read vulnerability in Ffmpeg FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. | 6.5 |