Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ffmpeg ffmpeg vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-22860
Integer overflow vulnerability in FFmpeg before n6.1, allows remote malicious users to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
Ffmpeg Ffmpeg
9.8
CVSSv3
CVE-2024-22862
Integer overflow vulnerability in FFmpeg before n6.1, allows remote malicious users to execute arbitrary code via the JJPEG XL Parser.
Ffmpeg Ffmpeg
8.8
CVSSv3
CVE-2023-48909
An issue exists in Jave2 version 3.3.1, allows malicious users to execute arbitrary code via the FFmpeg function.
Aarboard Jave2 3.3.1
8.8
CVSSv3
CVE-2023-49096
Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos/<itemId>/stream` and `/Videos/<itemId>/stream.<container>` endpoints which are prese...
Jellyfin Jellyfin
7.8
CVSSv3
CVE-2023-47470
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote malicious user to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/ev...
Ffmpeg Ffmpeg
5.5
CVSSv3
CVE-2023-46407
FFmpeg prior to commit bf814 exists to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
Ffmpeg Ffmpeg
7.5
CVSSv3
CVE-2020-36138
An issue exists in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote malicious users to cause a denial of service (DoS).
Ffmpeg Ffmpeg 4.3
5.5
CVSSv3
CVE-2021-28429
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local malicious users to cause a denial of service (DoS) via crafted .mov file.
Ffmpeg Ffmpeg 4.3.2
8.8
CVSSv3
CVE-2022-4907
Uninitialized Use in FFmpeg in Google Chrome before 108.0.5359.71 allowed a remote malicious user to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 12.0
9.8
CVSSv3
CVE-2023-39018
FFmpeg 0.7.0 and below exists to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic...
Bramp Ffmpeg-cli-wrapper
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »