| CVE-2020-13904 |
AVG-1180 |
High |
Yes |
Arbitrary code execution |
A use-after-free via a crafted EXTINF duration in an m3u8 file has been found in ffmpeg <= 4.2.3, because parse_playlist in libavformat/hls.c frees a... |
| CVE-2017-16840 |
AVG-516 |
Medium |
Yes |
Denial of service |
The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer... |
| CVE-2017-14225 |
AVG-400 |
Low |
No |
Denial of service |
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers... |
| CVE-2017-14223 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption.... |
| CVE-2017-14222 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a... |
| CVE-2017-14171 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a... |
| CVE-2017-14170 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption.... |
| CVE-2017-14169 |
AVG-400 |
Low |
No |
Denial of service |
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a... |
| CVE-2017-14059 |
AVG-400 |
Low |
No |
Denial of service |
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims... |
| CVE-2017-14058 |
AVG-400 |
Medium |
Yes |
Denial of service |
In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to... |
| CVE-2017-14057 |
AVG-400 |
Low |
No |
Denial of service |
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file,... |
| CVE-2017-14056 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When... |
| CVE-2017-14055 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.... |
| CVE-2017-14054 |
AVG-400 |
Low |
No |
Denial of service |
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a... |
| CVE-2017-5025 |
AVG-172 |
Critical |
Yes |
Arbitrary code execution |
A heap overflow flaw was found in FFmpeg < 3.2.4. |
| CVE-2017-5024 |
AVG-172 |
Critical |
Yes |
Arbitrary code execution |
A heap overflow flaw was found in FFmpeg < 3.2.4. |
| CVE-2016-7554 |
AVG-41 |
Low |
No |
Arbitrary code execution |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was... |