Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-4704

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Jan, 2011 | 21:00
Updated At-07 Aug, 2024 | 03:55
Rejected At-
Credits

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Jan, 2011 | 21:00
Updated At:07 Aug, 2024 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
vendor-advisory
x_refsource_MANDRIVA
http://www.debian.org/security/2011/dsa-2306
vendor-advisory
x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
vendor-advisory
x_refsource_MANDRIVA
https://roundup.ffmpeg.org/issue2322
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
vendor-advisory
x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
vendor-advisory
x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/43323
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-1104-1/
vendor-advisory
x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
vendor-advisory
x_refsource_MANDRIVA
http://ffmpeg.mplayerhq.hu/
x_refsource_CONFIRM
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
x_refsource_CONFIRM
http://www.debian.org/security/2011/dsa-2165
vendor-advisory
x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2011/1241
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/46294
vdb-entry
x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.debian.org/security/2011/dsa-2306
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://roundup.ffmpeg.org/issue2322
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/43323
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-1104-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://ffmpeg.mplayerhq.hu/
Resource:
x_refsource_CONFIRM
Hyperlink: http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2011/dsa-2165
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.vupen.com/english/advisories/2011/1241
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/46294
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.debian.org/security/2011/dsa-2306
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://roundup.ffmpeg.org/issue2322
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/43323
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-1104-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://ffmpeg.mplayerhq.hu/
x_refsource_CONFIRM
x_transferred
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2011/dsa-2165
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.vupen.com/english/advisories/2011/1241
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/46294
vdb-entry
x_refsource_BID
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2306
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://roundup.ffmpeg.org/issue2322
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/43323
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-1104-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://ffmpeg.mplayerhq.hu/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2165
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/1241
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46294
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Jan, 2011 | 22:00
Updated At:11 Apr, 2025 | 00:51

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
FFmpeg
ffmpeg
>>ffmpeg>>Versions up to 0.6.1(inclusive)
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.3
cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.3.1
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.3.2
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.3.3
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.3.4
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.0
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.2
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.3
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.4
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.5
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.6
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.7
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.8
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.4.9
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.5
cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
FFmpeg
ffmpeg
>>ffmpeg>>0.6
cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://ffmpeg.mplayerhq.hu/cve@mitre.org
N/A
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078cve@mitre.org
N/A
http://secunia.com/advisories/43323cve@mitre.org
N/A
http://www.debian.org/security/2011/dsa-2165cve@mitre.org
N/A
http://www.debian.org/security/2011/dsa-2306cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114cve@mitre.org
N/A
http://www.securityfocus.com/bid/46294cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-1104-1/cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/1241cve@mitre.org
N/A
https://roundup.ffmpeg.org/issue2322cve@mitre.org
Exploit
http://ffmpeg.mplayerhq.hu/af854a3a-2127-422b-91ae-364da2661108
N/A
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43323af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2011/dsa-2165af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2011/dsa-2306af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/46294af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-1104-1/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/1241af854a3a-2127-422b-91ae-364da2661108
N/A
https://roundup.ffmpeg.org/issue2322af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://ffmpeg.mplayerhq.hu/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43323
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2165
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2306
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46294
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-1104-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/1241
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://roundup.ffmpeg.org/issue2322
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://ffmpeg.mplayerhq.hu/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43323
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2165
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2306
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46294
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-1104-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/1241
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://roundup.ffmpeg.org/issue2322
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

691Records found
CVE-2016-7785
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 50.61%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8595
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.34%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2839
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 74.83%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.

Action-Not Available
Vendor-n/aMozilla CorporationFFmpegLinux Kernel Organization, Inc
Product-linux_kernelfirefoxffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3674
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-10 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3675
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3672
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.88% / 74.36%
||
7 Day CHG~0.00%
Published-10 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0860
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.89% / 74.59%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3936
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 76.37%
||
7 Day CHG~0.00%
Published-20 Aug, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

Action-Not Available
Vendor-libavn/aFFmpeg
Product-ffmpeglibavn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12459
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.07%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 15:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12458
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 75.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 15:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-4640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.62% / 87.34%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CVE-2020-23906
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-22048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:40
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:53
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 79.72%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 20:39
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-21697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.17%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 20:19
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2020-22043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:57
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22056
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.38%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 17:55
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22019
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 73.18%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:13
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22026
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.28% / 78.75%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 20:31
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.80%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 20:18
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22037
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.21%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:22
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.77%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:10
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2009-4638
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.71% / 85.31%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CVE-2020-22021
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.10%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:25
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22051
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.40%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 16:06
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22020
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.34% / 84.25%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:08
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.42%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:25
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 20:02
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22049
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.55% / 80.69%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:44
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.04% / 76.56%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 18:42
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-22054
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.55% / 80.69%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 17:34
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-22040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.40%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:18
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2017-15186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 67.02%
||
7 Day CHG~0.00%
Published-24 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-415
Double Free
CVE-2020-35964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-03 Jan, 2021 | 18:57
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

Action-Not Available
Vendor-n/aFFmpegLinux Kernel Organization, Inc
Product-ffmpeglinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1475
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.11%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-1000460
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

Action-Not Available
Vendor-libavn/aFFmpegGoogle LLC
Product-libavffmpegchromen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.26%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CVE-2016-7905
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 66.55%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.64%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CVE-2020-22041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.43%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:34
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2016-2213
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.71%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 63.45%
||
7 Day CHG~0.00%
Published-07 Jun, 2020 | 18:07
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxFFmpeg
Product-ubuntu_linuxffmpegdebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2012-6617
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 67.93%
||
7 Day CHG~0.00%
Published-24 Dec, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CVE-2014-125012
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-18 Jun, 2022 | 06:16
Updated-15 Apr, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg dxtroy.c integer coercion

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-unspecifiedFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-192
Integer Coercion Error
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2014-125013
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2022 | 06:16
Updated-15 Apr, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg msrle.c msrle_decode_frame memory corruption

A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-unspecifiedFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-125002
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2022 | 06:15
Updated-15 Apr, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption

A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-unspecifiedFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-125016
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2022 | 06:16
Updated-15 Apr, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg utils.c ff_init_buffer_info memory corruption

A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-unspecifiedFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-125023
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.58%
||
7 Day CHG~0.00%
Published-19 Jun, 2022 | 06:10
Updated-15 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FFmpeg Truemotion1 truemotion1_decode_header memory corruption

A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-unspecifiedFFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found