Vulnerabilities > Ffmpeg > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-15 CVE-2018-12458 Improper Input Validation vulnerability in multiple products
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
network
low complexity
ffmpeg debian CWE-20
6.5
6.5
2018-04-24 CVE-2018-7751 Infinite Loop vulnerability in Ffmpeg
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
network
low complexity
ffmpeg CWE-835
6.5
6.5
2018-04-11 CVE-2018-10001 Out-of-bounds Read vulnerability in multiple products
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
network
low complexity
ffmpeg debian CWE-125
6.5
6.5
2018-02-28 CVE-2018-7557 Out-of-bounds Read vulnerability in multiple products
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
network
low complexity
ffmpeg debian CWE-125
6.5
6.5
2018-02-12 CVE-2018-6912 Out-of-bounds Read vulnerability in Ffmpeg
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
network
low complexity
ffmpeg CWE-125
6.5
6.5
2018-02-05 CVE-2018-6621 Out-of-bounds Read vulnerability in multiple products
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
network
low complexity
ffmpeg debian CWE-125
6.5
6.5
2018-01-29 CVE-2018-6392 Out-of-bounds Read vulnerability in multiple products
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
network
low complexity
ffmpeg debian CWE-125
6.5
6.5
2018-01-09 CVE-2015-1208 Integer Underflow (Wrap or Wraparound) vulnerability in Ffmpeg
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.
local
low complexity
ffmpeg CWE-191
5.5
5.5
2018-01-03 CVE-2017-1000460 NULL Pointer Dereference vulnerability in multiple products
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
network
low complexity
libav ffmpeg google CWE-476
6.5
6.5
2017-12-27 CVE-2017-9608 NULL Pointer Dereference vulnerability in Ffmpeg
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.
network
low complexity
ffmpeg CWE-476
6.5
6.5