Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0857 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2013-0868 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases." | |||||
| CVE-2011-1931 | 3 Ffmpeg, Libav, Videolan | 4 Ffmpeg, Libavcodec, Libav and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file. | |||||
| CVE-2012-2776 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write." | |||||
| CVE-2011-0723 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2025-04-11 | 6.8 MEDIUM | N/A |
| FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. | |||||
| CVE-2012-6617 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. | |||||
| CVE-2011-3935 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size. | |||||
| CVE-2011-3944 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. | |||||
| CVE-2011-2160 | 2 Ffmpeg, Mplayerhq | 2 Ffmpeg, Mplayer | 2025-04-11 | 9.3 HIGH | N/A |
| The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. | |||||
| CVE-2013-0844 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access. | |||||
| CVE-2010-3429 | 2 Ffmpeg, Mplayerhq | 3 Ffmpeg, Libavcodec, Mplayer | 2025-04-11 | 6.8 MEDIUM | N/A |
| flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." | |||||
| CVE-2011-3947 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. | |||||
| CVE-2012-0858 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". | |||||
| CVE-2012-2796 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." | |||||
| CVE-2013-0853 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error. | |||||
| CVE-2013-0852 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. | |||||
| CVE-2013-0857 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. | |||||
| CVE-2013-7022 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | |||||
| CVE-2013-0875 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access. | |||||
| CVE-2010-4705 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480. | |||||