Total
474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2496 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 7.5 HIGH | N/A |
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. | |||||
| CVE-2013-0851 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. | |||||
| CVE-2011-3949 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data. | |||||
| CVE-2013-0845 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. | |||||
| CVE-2012-2788 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk." | |||||
| CVE-2011-0723 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2025-04-11 | 6.8 MEDIUM | N/A |
| FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. | |||||
| CVE-2010-4704 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. | |||||
| CVE-2011-3947 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. | |||||
| CVE-2012-2801 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes." | |||||
| CVE-2013-0869 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. | |||||
| CVE-2012-0852 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
| The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. | |||||
| CVE-2009-4632 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 5.8 MEDIUM | N/A |
| oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. | |||||
| CVE-2013-0877 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access. | |||||
| CVE-2011-3504 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2012-2796 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." | |||||
| CVE-2013-7017 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2009-4638 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2013-0867 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access. | |||||
| CVE-2012-0848 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count." | |||||
| CVE-2013-2277 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 7.5 HIGH | N/A |
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. | |||||