FFmpeg
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in FFmpeg.
By the Year
In 2025 there have been 0 vulnerabilities in FFmpeg. Last year, in 2024 Ffmpeg had 9 security vulnerabilities published. Right now, Ffmpeg is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 9 | 8.74 |
2023 | 7 | 7.07 |
2022 | 29 | 6.22 |
2021 | 64 | 7.57 |
2020 | 3 | 8.03 |
2019 | 11 | 8.24 |
2018 | 25 | 7.08 |
It may take a day or so for new Ffmpeg vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent FFmpeg Security Vulnerabilities
FFmpeg AVI Demuxer Integer Overflow Vulnerability
CVE-2024-36618
- November 29, 2024
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
FFmpeg CAF Decoder Integer Overflow Vulnerability
CVE-2024-36617
- November 29, 2024
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
FFmpeg libavcodec WAVARC Decoder Integer Overflow Vulnerability
CVE-2024-36619
- November 29, 2024
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.
FFmpeg Speex Codec Extradata Integer Overflow Vulnerability
CVE-2024-35369
- November 29, 2024
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5
CVE-2024-7272
8.8 - High
- August 12, 2024
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.
Memory Corruption
FFmpeg 7.0 is vulnerable to Buffer Overflow
CVE-2024-32230
7.8 - High
- July 01, 2024
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
Classic Buffer Overflow
Integer overflow vulnerability in FFmpeg before n6.1
CVE-2024-22861
7.5 - High
- January 27, 2024
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
Integer Overflow or Wraparound
Integer overflow vulnerability in FFmpeg before n6.1
CVE-2024-22862
9.8 - Critical
- January 27, 2024
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
Integer Overflow or Wraparound
Integer overflow vulnerability in FFmpeg before n6.1
CVE-2024-22860
9.8 - Critical
- January 27, 2024
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
Integer Overflow or Wraparound
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code
CVE-2023-47470
7.8 - High
- November 16, 2023
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c
Memory Corruption
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read
CVE-2023-46407
5.5 - Medium
- October 27, 2023
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
Out-of-bounds Read
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3
CVE-2020-36138
7.5 - High
- August 11, 2023
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
NULL Pointer Dereference
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2
CVE-2021-28429
5.5 - Medium
- August 11, 2023
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
Integer Overflow or Wraparound
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg
CVE-2023-39018
9.8 - Critical
- July 28, 2023
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.
Code Injection
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which
CVE-2022-48434
8.1 - High
- March 29, 2023
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Dangling pointer
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file
CVE-2022-3341
5.3 - Medium
- January 12, 2023
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
NULL Pointer Dereference
An issue was discovered in the FFmpeg package
CVE-2022-3109
7.5 - High
- December 16, 2022
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
NULL Pointer Dereference
A vulnerability classified as problematic was found in ffmpeg
CVE-2022-3965
8.1 - High
- November 13, 2022
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
Buffer Overflow
A vulnerability classified as problematic has been found in ffmpeg
CVE-2022-3964
8.1 - High
- November 13, 2022
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
Buffer Overflow
A heap out-of-bounds memory write exists in FFMPEG since version 5.1
CVE-2022-2566
7.8 - High
- September 23, 2022
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05
Integer Overflow or Wraparound
A vulnerability classified as problematic has been found in FFmpeg 2.0
CVE-2014-125025
5.5 - Medium
- June 19, 2022
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0
CVE-2014-125024
7.8 - High
- June 19, 2022
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0
CVE-2014-125023
5.5 - Medium
- June 19, 2022
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0
CVE-2014-125022
5.5 - Medium
- June 19, 2022
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0 and classified as problematic
CVE-2014-125021
5.5 - Medium
- June 19, 2022
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability has been found in FFmpeg 2.0 and classified as critical
CVE-2014-125020
7.8 - High
- June 19, 2022
A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0
CVE-2014-125019
5.5 - Medium
- June 19, 2022
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0
CVE-2014-125018
5.5 - Medium
- June 19, 2022
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability classified as critical was found in FFmpeg 2.0
CVE-2014-125017
7.8 - High
- June 18, 2022
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue.
Out-of-bounds Read
A vulnerability was found in FFmpeg 2.0
CVE-2014-125016
5.5 - Medium
- June 18, 2022
A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability classified as critical has been found in FFmpeg 2.0
CVE-2014-125015
7.8 - High
- June 18, 2022
A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability classified as problematic was found in FFmpeg 2.0
CVE-2014-125014
5.5 - Medium
- June 18, 2022
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0 and classified as problematic
CVE-2014-125013
5.5 - Medium
- June 18, 2022
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0
CVE-2014-125012
5.5 - Medium
- June 18, 2022
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
Incorrect Conversion between Numeric Types
A vulnerability was found in FFmpeg 2.0
CVE-2014-125011
7.8 - High
- June 18, 2022
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
Incorrect Conversion between Numeric Types
A vulnerability was found in FFmpeg 2.0
CVE-2014-125010
5.5 - Medium
- June 18, 2022
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability classified as problematic has been found in FFmpeg 2.0
CVE-2014-125009
5.5 - Medium
- June 18, 2022
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability classified as problematic has been found in FFmpeg 2.0
CVE-2014-125008
5.5 - Medium
- June 18, 2022
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability classified as problematic was found in FFmpeg 2.0
CVE-2014-125007
5.5 - Medium
- June 18, 2022
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0
CVE-2014-125006
5.5 - Medium
- June 18, 2022
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0
CVE-2014-125005
5.5 - Medium
- June 18, 2022
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability has been found in FFmpeg 2.0 and classified as problematic
CVE-2014-125004
5.5 - Medium
- June 18, 2022
A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0 and classified as problematic
CVE-2014-125003
5.5 - Medium
- June 18, 2022
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
A vulnerability was found in FFmpeg 2.0
CVE-2014-125002
5.5 - Medium
- June 18, 2022
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
Memory Corruption
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
CVE-2022-1475
5.5 - Medium
- May 02, 2022
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
Integer Overflow or Wraparound
FFmpeg N-98388-g76a3ee996b
CVE-2020-23906
5.5 - Medium
- November 10, 2021
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
Insufficient Verification of Data Authenticity
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1
CVE-2021-38094
8.8 - High
- September 20, 2021
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Integer Overflow or Wraparound
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1
CVE-2021-38093
8.8 - High
- September 20, 2021
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Integer Overflow or Wraparound
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1
CVE-2021-38092
8.8 - High
- September 20, 2021
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Integer Overflow or Wraparound
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1
CVE-2021-38091
8.8 - High
- September 20, 2021
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Integer Overflow or Wraparound
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1
CVE-2021-38090
8.8 - High
- September 20, 2021
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Integer Overflow or Wraparound
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1
CVE-2020-20898
8.8 - High
- September 20, 2021
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Integer Overflow or Wraparound
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1
CVE-2020-20896
8.8 - High
- September 20, 2021
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
NULL Pointer Dereference
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1
CVE-2020-20892
8.8 - High
- September 20, 2021
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
Divide By Zero
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1
CVE-2020-20891
8.8 - High
- September 20, 2021
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Classic Buffer Overflow
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0)
CVE-2020-20902
6.5 - Medium
- September 20, 2021
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
Out-of-bounds Read
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step
CVE-2021-38171
9.8 - Critical
- August 21, 2021
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Unchecked Return Value
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers
CVE-2021-38291
7.5 - High
- August 12, 2021
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
assertion failure
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2
CVE-2020-21688
8.8 - High
- August 10, 2021
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
Dangling pointer
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2
CVE-2020-21697
6.5 - Medium
- August 10, 2021
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
Dangling pointer
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it
CVE-2021-3566
5.5 - Medium
- August 05, 2021
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function
CVE-2021-38114
5.5 - Medium
- August 04, 2021
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
Unchecked Return Value
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4
CVE-2021-33815
8.8 - High
- June 03, 2021
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
out-of-bounds array index
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
CVE-2020-22056
6.5 - Medium
- June 02, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
CVE-2020-22054
6.5 - Medium
- June 02, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.
CVE-2020-22051
6.5 - Medium
- June 02, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
CVE-2020-22049
6.5 - Medium
- June 02, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
CVE-2020-22048
6.5 - Medium
- June 02, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
CVE-2020-22046
6.5 - Medium
- June 02, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
CVE-2020-22044
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
CVE-2020-22043
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
CVE-2020-22042
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
CVE-2020-22041
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.
CVE-2020-22040
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
CVE-2020-22039
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
CVE-2020-22038
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
Memory Leak
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2020-22037
6.5 - Medium
- June 01, 2021
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
Memory Leak
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c
CVE-2020-22035
8.8 - High
- June 01, 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
Classic Buffer Overflow
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c
CVE-2020-22036
8.8 - High
- June 01, 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c
CVE-2020-22034
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit
CVE-2020-22033
6.5 - Medium
- May 27, 2021
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur
CVE-2020-22032
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c
CVE-2020-22027
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c
CVE-2020-22025
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c
CVE-2020-22023
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c
CVE-2020-22022
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c
CVE-2020-22017
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files
CVE-2020-22016
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
Memory Corruption
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low
CVE-2020-22031
8.8 - High
- May 27, 2021
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp
CVE-2020-22030
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
Memory Corruption
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative
CVE-2020-22029
8.8 - High
- May 27, 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
Memory Corruption
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c
CVE-2020-22028
6.5 - Medium
- May 26, 2021
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
Classic Buffer Overflow
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c
CVE-2020-22026
6.5 - Medium
- May 26, 2021
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
Classic Buffer Overflow
Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c
CVE-2020-22024
6.5 - Medium
- May 26, 2021
Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.
Classic Buffer Overflow
Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c
CVE-2020-22021
6.5 - Medium
- May 26, 2021
Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
Classic Buffer Overflow
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c
CVE-2020-22020
6.5 - Medium
- May 26, 2021
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.
Classic Buffer Overflow
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c
CVE-2020-22019
6.5 - Medium
- May 26, 2021
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
Classic Buffer Overflow
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c
CVE-2020-22015
8.8 - High
- May 26, 2021
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
Classic Buffer Overflow
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks
CVE-2020-24020
8.8 - High
- May 26, 2021
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
Classic Buffer Overflow
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which
CVE-2020-20453
6.5 - Medium
- May 25, 2021
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service
Divide By Zero