Vulnerabilities > Ffmpeg > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-12 CVE-2017-17555 NULL Pointer Dereference vulnerability in multiple products
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
network
low complexity
aubio ffmpeg CWE-476
6.5
6.5
2017-11-30 CVE-2017-17081 Out-of-bounds Read vulnerability in Ffmpeg 3.4
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
network
low complexity
ffmpeg CWE-125
6.5
6.5
2017-10-24 CVE-2017-15186 Double Free vulnerability in Ffmpeg
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.
network
low complexity
ffmpeg CWE-415
6.5
6.5
2017-09-09 CVE-2017-14223 Resource Exhaustion vulnerability in multiple products
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
ffmpeg debian CWE-400
6.5
6.5
2017-09-09 CVE-2017-14222 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.
network
low complexity
ffmpeg CWE-834
6.5
6.5
2017-09-07 CVE-2017-14171 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
ffmpeg CWE-834
6.5
6.5
2017-09-07 CVE-2017-14170 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
ffmpeg CWE-834
6.5
6.5
2017-08-31 CVE-2017-14059 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption.
network
low complexity
ffmpeg CWE-834
6.5
6.5
2017-08-31 CVE-2017-14058 Infinite Loop vulnerability in Ffmpeg 3.3.3
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
network
low complexity
ffmpeg CWE-835
6.5
6.5
2017-08-31 CVE-2017-14057 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.
network
low complexity
ffmpeg CWE-834
6.5
6.5