Filtered by vendor Ffmpeg
Subscriptions
Filtered by product Ffmpeg
Subscriptions
Total
485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3674 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. | ||||
| CVE-2009-4632 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. | ||||
| CVE-2013-3673 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. | ||||
| CVE-2011-3504 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2013-3672 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. | ||||
| CVE-2013-3671 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. | ||||
| CVE-2011-2161 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. | ||||
| CVE-2013-3670 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release. | ||||
| CVE-2013-2496 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data. | ||||
| CVE-2009-4633 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. | ||||
| CVE-2011-3362 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | N/A |
| Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file. | ||||
| CVE-2009-4634 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. | ||||
| CVE-2013-7013 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | ||||
| CVE-2011-3935 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size. | ||||
| CVE-2013-0860 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. | ||||
| CVE-2011-3973 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. | ||||
| CVE-2013-0873 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." | ||||
| CVE-2013-7023 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | ||||
| CVE-2013-2276 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. | ||||
| CVE-2011-0722 | 2 Ffmpeg, Mplayerhq | 2 Ffmpeg, Mplayer | 2025-04-11 | N/A |
| FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | ||||