Total: 476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10256 | 1 Ffmpeg | 1 Ffmpeg | 2026-02-26 | N/A | 5.3 MEDIUM |
|
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.
|
|||||
| CVE-2025-12343 | 1 Ffmpeg | 1 Ffmpeg | 2026-02-26 | N/A | 3.3 LOW |
|
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execu ...
|
|||||
| CVE-2025-25468 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-29 | N/A | 6.5 MEDIUM |
|
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
|
|||||
| CVE-2025-25469 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-29 | N/A | 6.5 MEDIUM |
|
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
|
|||||
| CVE-2025-22921 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2026-01-12 | N/A | 6.5 MEDIUM |
|
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
|
|||||
| CVE-2023-51791 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.
|
|||||
| CVE-2023-51793 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
|
|||||
| CVE-2023-51795 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 8.0 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame.
|
|||||
| CVE-2023-51796 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 3.6 LOW |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.
|
|||||
| CVE-2023-51797 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 6.7 MEDIUM |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame.
|
|||||
| CVE-2023-51798 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
|
|||||
| CVE-2023-51794 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
|
|||||
| CVE-2025-63757 | 1 Ffmpeg | 1 Ffmpeg | 2025-12-30 | N/A | 7.5 HIGH |
|
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
|
|||||
| CVE-2024-31582 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 7.8 HIGH |
|
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
|
|||||
| CVE-2024-31581 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 9.8 CRITICAL |
|
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
|
|||||
| CVE-2024-31578 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 7.5 HIGH |
|
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
|
|||||
| CVE-2023-49528 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 8.0 HIGH |
|
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
|
|||||
| CVE-2023-49502 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 8.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
|
|||||
| CVE-2023-49501 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-11-04 | N/A | 8.0 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.
|
|||||
| CVE-2024-7055 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-27365 ...
|
|||||
| CVE-2025-0518 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 5.3 MEDIUM |
|
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .
This issue affects FFmpeg: 7.1.
Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosma ...
|
|||||
| CVE-2024-36618 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 6.2 MEDIUM |
|
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
|
|||||
| CVE-2024-35368 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 9.8 CRITICAL |
|
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
|
|||||
| CVE-2024-35367 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 9.1 CRITICAL |
|
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer.
|
|||||
| CVE-2023-6605 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 7.2 HIGH |
|
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
|
|||||
| CVE-2023-6604 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 5.3 MEDIUM |
|
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.
|
|||||
| CVE-2023-6602 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 5.3 MEDIUM |
|
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.
|
|||||
| CVE-2023-6601 | 1 Ffmpeg | 1 Ffmpeg | 2025-11-03 | N/A | 4.7 MEDIUM |
|
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
|
|||||
| CVE-2023-6603 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-21 | N/A | 7.5 HIGH |
|
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.
|
|||||
| CVE-2023-47470 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c.
|
|||||
| CVE-2024-22861 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | N/A | 7.5 HIGH |
|
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
|
|||||
| CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | N/A | 9.8 CRITICAL |
|
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JPEG XL Parser.
|
|||||
| CVE-2023-46407 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | N/A | 5.5 MEDIUM |
|
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
|
|||||
| CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | N/A | 9.8 CRITICAL |
|
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
|
|||||
| CVE-2022-3109 | 3 Debian, Fedoraproject, Ffmpeg | 3 Debian Linux, Fedora, Ffmpeg | 2025-08-07 | N/A | 7.5 HIGH |
|
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
|
|||||
| CVE-2022-3341 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-08-07 | N/A | 5.3 MEDIUM |
|
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
|
|||||
| CVE-2024-31585 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | N/A | 5.3 MEDIUM |
|
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2023-50010 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | N/A | 7.8 HIGH |
|
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
|
|||||
| CVE-2023-50009 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | N/A | 8.0 HIGH |
|
FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.
|
|||||
| CVE-2023-50008 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-06 | N/A | 7.8 HIGH |
|
FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component.
|
|||||