Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ffmpeg ffmpeg vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-15672
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote malicious users to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-14795
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in...
Libbpg Project Libbpg 0.9.7
8.8
CVSSv3
CVE-2017-14796
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote malicious users to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in ...
Libbpg Project Libbpg 0.9.7
8.8
CVSSv3
CVE-2017-14767
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg prior to 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote malicious users to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a craf...
Ffmpeg Ffmpeg
8.8
CVSSv3
CVE-2017-14225
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dere...
Ffmpeg Ffmpeg 3.3.3
8.8
CVSSv3
CVE-2017-14169
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" tur...
Ffmpeg Ffmpeg 3.3.3
Debian Debian Linux 9.0
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2017-9990
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 prior to 3.3.1 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Ffmpeg Ffmpeg
8.8
CVSSv3
CVE-2017-9992
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 allows remote malicious users to cause a denial of service (application crash) or possi...
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2017-5047
An integer overflow in FFmpeg in Google Chrome before 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote malicious user to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
Google Chrome
8.8
CVSSv3
CVE-2017-5049
An integer overflow in FFmpeg in Google Chrome before 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote malicious user to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
Google Chrome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »