CVE-2021-38291 | AVG-1989 | Low | Yes | Denial of service | FFmpeg before version 4.4.1 suffers from an assertion failure at src/libavutil/mathematics.c. |
CVE-2021-38171 | AVG-1989 | Medium | Yes | Insufficient validation | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg before version 4.4.1 does not check the init_get_bits return value, which is a necessary step... |
CVE-2021-38114 | AVG-1989 | Medium | Yes | Arbitrary code execution | libavcodec/dnxhddec.c in FFmpeg before version 4.4.1 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. |
CVE-2021-33815 | AVG-1989 | Medium | Yes | Information disclosure | dwa_uncompress in libavcodec/exr.c in FFmpeg before version 4.4.1 allows an out-of-bounds array access because dc_count is not strictly checked. |
CVE-2021-30123 | AVG-1786 | Medium | Yes | Arbitrary code execution | FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. |
CVE-2020-35965 | AVG-1397 | Medium | No | Arbitrary code execution | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. |
CVE-2020-35964 | AVG-1649 | Medium | No | Arbitrary code execution | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. The issue is fixed in FFmpeg version 4.3.2. |
CVE-2020-22037 | AVG-1989 | Low | Yes | Denial of service | A denial of service vulnerability exists in FFmpeg before version 4.4.1 due to a memory leak in avcodec_alloc_context3 at options.c. |
CVE-2020-22033 | AVG-1989 | Low | Yes | Denial of service | A heap-based buffer overflow vulnerability exists in FFmpeg before version 4.4.1 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a... |
CVE-2020-22028 | AVG-2005 | Low | Yes | Denial of service | A buffer overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote denial of service. |
CVE-2020-22026 | AVG-2005 | Low | Yes | Denial of service | A buffer overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause... |
CVE-2020-22024 | AVG-2005 | Low | Yes | Denial of service | A buffer overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c could let a remote malicious user cause denial of service. |
CVE-2020-22021 | AVG-1989 | Low | Yes | Denial of service | A buffer overflow vulnerability in FFmpeg before version 4.4.1 at filter_edges function in libavfilter/vf_yadif.c could let a remote malicious user cause a... |
CVE-2020-22019 | AVG-1989 | Low | Yes | Denial of service | A buffer overflow vulnerability in FFmpeg before version 4.4.1 at convolution_y_10bit in libavfilter/vf_vmafmotion.c could let a remote malicious user cause... |
CVE-2020-22015 | AVG-1989 | Medium | Yes | Arbitrary code execution | A buffer overflow vulnerability in FFmpeg before version 4.4.1 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c could let a remote... |
CVE-2020-20453 | AVG-1989 | Low | Yes | Denial of service | FFmpeg before version 4.4.1 is affected by a divide by zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a denial of service. |
CVE-2020-20448 | AVG-2533 | Low | Yes | Denial of service | FFmpeg before version 4.3 is affected by a divide by zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a denial of service. |
CVE-2020-20446 | AVG-1989 | Low | Yes | Denial of service | FFmpeg before version 4.4.1 is affected by a divide by zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a denial of service. |
CVE-2020-20445 | AVG-1989 | Low | Yes | Denial of service | FFmpeg before version 4.4.1 is affected by a divide by zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a denial of service. |
CVE-2020-13904 | AVG-1180 | High | Yes | Arbitrary code execution | A use-after-free via a crafted EXTINF duration in an m3u8 file has been found in ffmpeg <= 4.2.3, because parse_playlist in libavformat/hls.c frees a... |
CVE-2017-16840 | AVG-516 | Medium | Yes | Denial of service | The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer... |
CVE-2017-14225 | AVG-400 | Low | No | Denial of service | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers... |
CVE-2017-14223 | AVG-400 | Low | No | Denial of service | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption.... |
CVE-2017-14222 | AVG-400 | Low | No | Denial of service | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a... |
CVE-2017-14171 | AVG-400 | Low | No | Denial of service | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a... |
CVE-2017-14170 | AVG-400 | Low | No | Denial of service | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption.... |
CVE-2017-14169 | AVG-400 | Low | No | Denial of service | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a... |
CVE-2017-14059 | AVG-400 | Low | No | Denial of service | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims... |
CVE-2017-14058 | AVG-400 | Medium | Yes | Denial of service | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to... |
CVE-2017-14057 | AVG-400 | Low | No | Denial of service | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file,... |
CVE-2017-14056 | AVG-400 | Low | No | Denial of service | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When... |
CVE-2017-14055 | AVG-400 | Low | No | Denial of service | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.... |
CVE-2017-14054 | AVG-400 | Low | No | Denial of service | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a... |
CVE-2017-5025 | AVG-172 | Critical | Yes | Arbitrary code execution | A heap overflow flaw was found in FFmpeg < 3.2.4. |
CVE-2017-5024 | AVG-172 | Critical | Yes | Arbitrary code execution | A heap overflow flaw was found in FFmpeg < 3.2.4. |
CVE-2016-7554 | AVG-41 | Low | No | Arbitrary code execution | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was... |