Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ffmpeg ffmpeg 2.4 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-15672
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote malicious users to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2017-14171
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain suff...
Ffmpeg Ffmpeg 3.3.3
6.5
CVSSv3
CVE-2017-14170
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain...
Ffmpeg Ffmpeg 3.3.3
8.8
CVSSv3
CVE-2017-14169
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" tur...
Ffmpeg Ffmpeg 3.3.3
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.5
CVSSv3
CVE-2017-14058
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote malicious users to cause a denial of service (infinite loop).
Ffmpeg Ffmpeg 3.3.3
7.8
CVSSv3
CVE-2017-11399
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 up to and including 3.3.2 allows remote malicious users to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file...
Ffmpeg Ffmpeg
5.5
CVSSv3
CVE-2016-1897
FFmpeg 2.x allows remote malicious users to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
Ffmpeg Ffmpeg 2.7.4
Ffmpeg Ffmpeg 2.7.3
Ffmpeg Ffmpeg 2.6.2
Ffmpeg Ffmpeg 2.6.1
Ffmpeg Ffmpeg 2.5.4
Ffmpeg Ffmpeg 2.5.3
Ffmpeg Ffmpeg 2.4.9
Ffmpeg Ffmpeg 2.4.8
Ffmpeg Ffmpeg 2.4
Ffmpeg Ffmpeg 2.3.6
Ffmpeg Ffmpeg 2.2.16
Ffmpeg Ffmpeg 2.2.15
Ffmpeg Ffmpeg 2.2.8
Ffmpeg Ffmpeg 2.2.7
Ffmpeg Ffmpeg 2.1.8
Ffmpeg Ffmpeg 2.1.7
Ffmpeg Ffmpeg 2.1
Ffmpeg Ffmpeg 2.0.7
Ffmpeg Ffmpeg 2.0
Ffmpeg Ffmpeg 2.8.4
Ffmpeg Ffmpeg 2.8.3
Ffmpeg Ffmpeg 2.7.2
2 Github repositories
5.5
CVSSv3
CVE-2016-1898
FFmpeg 2.x allows remote malicious users to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
Ffmpeg Ffmpeg 2.8.3
Ffmpeg Ffmpeg 2.8.2
Ffmpeg Ffmpeg 2.7
Ffmpeg Ffmpeg 2.6.6
Ffmpeg Ffmpeg 2.5.9
Ffmpeg Ffmpeg 2.5.8
Ffmpeg Ffmpeg 2.5.1
Ffmpeg Ffmpeg 2.5
Ffmpeg Ffmpeg 2.4.5
Ffmpeg Ffmpeg 2.4.4
Ffmpeg Ffmpeg 2.3.4
Ffmpeg Ffmpeg 2.3.3
Ffmpeg Ffmpeg 2.2.13
Ffmpeg Ffmpeg 2.2.12
Ffmpeg Ffmpeg 2.2.11
Ffmpeg Ffmpeg 2.2.4
Ffmpeg Ffmpeg 2.2.3
Ffmpeg Ffmpeg 2.1.5
Ffmpeg Ffmpeg 2.1.4
Ffmpeg Ffmpeg 2.0.4
Ffmpeg Ffmpeg 2.0.3
Ffmpeg Ffmpeg 2.8.1
1 Github repository
NA
CVE-2015-3395
The msrle_decode_pal4 function in msrledec.c in Libav prior to 10.7 and 11.x prior to 11.4 and FFmpeg prior to 2.0.7, 2.2.x prior to 2.2.15, 2.4.x prior to 2.4.8, 2.5.x prior to 2.5.6, and 2.6.x prior to 2.6.2 allows remote malicious users to have unspecified impact via a crafted...
Canonical Ubuntu Linux 12.04
Ffmpeg Ffmpeg 2.2.12
Ffmpeg Ffmpeg 2.2.8
Ffmpeg Ffmpeg 2.4.4
Ffmpeg Ffmpeg 2.5.0
Ffmpeg Ffmpeg 2.4.1
Ffmpeg Ffmpeg 2.2.4
Ffmpeg Ffmpeg 2.2.6
Ffmpeg Ffmpeg 2.2.3
Ffmpeg Ffmpeg 2.4.6
Ffmpeg Ffmpeg 2.6.0
Ffmpeg Ffmpeg 2.5.4
Ffmpeg Ffmpeg 2.2.1
Ffmpeg Ffmpeg 2.4.3
Ffmpeg Ffmpeg 2.2.14
Ffmpeg Ffmpeg 2.5.5
Ffmpeg Ffmpeg 2.4.7
Ffmpeg Ffmpeg 2.4.2
Ffmpeg Ffmpeg 2.4.5
Ffmpeg Ffmpeg 2.2.9
Ffmpeg Ffmpeg 2.2.11
Ffmpeg Ffmpeg 2.5.3
NA
CVE-2014-9317
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg prior to 2.1.6, 2.2.x up to and including 2.3.x, and 2.4.x prior to 2.4.4 allows remote malicious users to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT ...
Ffmpeg Ffmpeg 2.3
Ffmpeg Ffmpeg 2.3.3
Ffmpeg Ffmpeg 2.2
Ffmpeg Ffmpeg 2.4.1
Ffmpeg Ffmpeg 2.2.4
Ffmpeg Ffmpeg 2.3.5
Ffmpeg Ffmpeg 2.4.3
Ffmpeg Ffmpeg 2.4.2
Ffmpeg Ffmpeg 2.3.2
Ffmpeg Ffmpeg
Ffmpeg Ffmpeg 2.3.4
Ffmpeg Ffmpeg 2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »