Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ffmpeg ffmpeg 3.2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-9718
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows malicious users to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
Ffmpeg Ffmpeg 3.2
Ffmpeg Ffmpeg 4.1
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
6.5
CVSSv3
CVE-2019-9721
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows malicious users to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
Ffmpeg Ffmpeg 3.2
Ffmpeg Ffmpeg 4.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
6.5
CVSSv3
CVE-2018-14395
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows malicious users to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
Debian Debian Linux 9.0
Ffmpeg Ffmpeg 3.2
Ffmpeg Ffmpeg 4.0
8.1
CVSSv3
CVE-2018-13300
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and pos...
Ffmpeg Ffmpeg 4.0.1
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-6621
The decode_frame function in libavcodec/utvideodec.c in FFmpeg up to and including 3.2 allows remote malicious users to cause a denial of service (out of array read) via a crafted AVI file.
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2017-9991
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 allows remote malicious users to cause a denial of service (application crash) ...
Ffmpeg Ffmpeg 3.2.4
Ffmpeg Ffmpeg 3.1.6
Ffmpeg Ffmpeg 3.1.7
Ffmpeg Ffmpeg 3.0.5
Ffmpeg Ffmpeg 3.1.4
Ffmpeg Ffmpeg 3.1.5
Ffmpeg Ffmpeg 3.2
Ffmpeg Ffmpeg 3.2.1
Ffmpeg Ffmpeg 3.0.1
Ffmpeg Ffmpeg 3.0.2
Ffmpeg Ffmpeg 3.0.3
Ffmpeg Ffmpeg 3.0.4
Ffmpeg Ffmpeg 3.3
Ffmpeg Ffmpeg 3.2.3
Ffmpeg Ffmpeg 3.0.6
Ffmpeg Ffmpeg
Ffmpeg Ffmpeg 3.1.1
Ffmpeg Ffmpeg 3.1.3
Ffmpeg Ffmpeg 3.2.2
Ffmpeg Ffmpeg 3.0.7
Ffmpeg Ffmpeg 3.0
Ffmpeg Ffmpeg 3.1
8.8
CVSSv3
CVE-2017-9992
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 allows remote malicious users to cause a denial of service (application crash) or possi...
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2017-9994
libavcodec/webp.c in FFmpeg prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 does not ensure that pix_fmt is set, which allows remote malicious users to cause a denial of service (heap-based buffer overflow and applicatio...
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2017-9996
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 does not exclude the CHUNKY format, which allows remote malicious users to cause a denial of service (he...
Ffmpeg Ffmpeg 2.8.3
Ffmpeg Ffmpeg 2.8.4
Ffmpeg Ffmpeg 2.8.5
Ffmpeg Ffmpeg 2.8.6
Ffmpeg Ffmpeg 3.1.3
Ffmpeg Ffmpeg 3.1.4
Ffmpeg Ffmpeg 3.1.5
Ffmpeg Ffmpeg 3.2
Ffmpeg Ffmpeg 3.1.6
Ffmpeg Ffmpeg 3.1.7
Ffmpeg Ffmpeg 3.0.5
Ffmpeg Ffmpeg 3.0.6
Ffmpeg Ffmpeg 3.0
Ffmpeg Ffmpeg 3.0.1
Ffmpeg Ffmpeg 3.0.2
Ffmpeg Ffmpeg 3.0.3
Ffmpeg Ffmpeg 3.2.2
Ffmpeg Ffmpeg 3.2.4
Ffmpeg Ffmpeg 3.0.7
Ffmpeg Ffmpeg 2.8.1
Ffmpeg Ffmpeg 2.8.8
Ffmpeg Ffmpeg 2.8.11
7.5
CVSSv3
CVE-2017-9993
FFmpeg prior to 2.8.12, 3.0.x and 3.1.x prior to 3.1.9, 3.2.x prior to 3.2.6, and 3.3.x prior to 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows malicious users to read arbitrary files via crafted playlist data.
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »