Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ffmpeg vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-15672
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote malicious users to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-14795
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in...
Libbpg Project Libbpg 0.9.7
8.8
CVSSv3
CVE-2017-14796
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote malicious users to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in ...
Libbpg Project Libbpg 0.9.7
8.8
CVSSv3
CVE-2017-14767
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg prior to 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote malicious users to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a craf...
Ffmpeg Ffmpeg
8.8
CVSSv3
CVE-2017-14225
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dere...
Ffmpeg Ffmpeg 3.3.3
8.8
CVSSv3
CVE-2017-14169
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" tur...
Ffmpeg Ffmpeg 3.3.3
Debian Debian Linux 9.0
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2017-9990
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 prior to 3.3.1 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Ffmpeg Ffmpeg
8.8
CVSSv3
CVE-2017-9992
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg prior to 2.8.12, 3.0.x prior to 3.0.8, 3.1.x prior to 3.1.8, 3.2.x prior to 3.2.5, and 3.3.x prior to 3.3.1 allows remote malicious users to cause a denial of service (application crash) or possi...
Ffmpeg Ffmpeg
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2017-5047
An integer overflow in FFmpeg in Google Chrome before 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote malicious user to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
Google Chrome
8.8
CVSSv3
CVE-2017-5048
An integer overflow in FFmpeg in Google Chrome before 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote malicious user to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
Google Chrome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »