Summary
Detail | |||
---|---|---|---|
Vendor | Ffmpeg | First view | 2005-12-07 |
Product | Ffmpeg | Last view | 2024-01-27 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2024-01-27 | CVE-2024-22862 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. |
7.5 | 2024-01-27 | CVE-2024-22861 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. |
9.8 | 2024-01-27 | CVE-2024-22860 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. |
7.8 | 2023-11-16 | CVE-2023-47470 | Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c |
5.5 | 2023-10-27 | CVE-2023-46407 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. |
5.5 | 2023-08-11 | CVE-2021-28429 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. |
7.5 | 2023-08-11 | CVE-2020-36138 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). |
8.1 | 2023-03-29 | CVE-2022-48434 | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). |
5.3 | 2023-01-12 | CVE-2022-3341 | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. |
7.5 | 2022-12-16 | CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. |
8.1 | 2022-11-13 | CVE-2022-3965 | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. |
8.1 | 2022-11-13 | CVE-2022-3964 | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. |
7.8 | 2022-09-23 | CVE-2022-2566 | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 |
5.5 | 2022-06-19 | CVE-2014-125025 | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
7.8 | 2022-06-19 | CVE-2014-125024 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-19 | CVE-2014-125023 | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-19 | CVE-2014-125022 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-19 | CVE-2014-125021 | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
7.8 | 2022-06-19 | CVE-2014-125020 | A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-19 | CVE-2014-125019 | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-19 | CVE-2014-125018 | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. |
7.8 | 2022-06-18 | CVE-2014-125017 | A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-18 | CVE-2014-125016 | A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. |
7.8 | 2022-06-18 | CVE-2014-125015 | A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. |
5.5 | 2022-06-18 | CVE-2014-125014 | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
29% (105) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12% (46) | CWE-787 | Out-of-bounds Write |
10% (37) | CWE-20 | Improper Input Validation |
9% (33) | CWE-189 | Numeric Errors |
6% (25) | CWE-125 | Out-of-bounds Read |
4% (15) | CWE-476 | NULL Pointer Dereference |
4% (15) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
4% (15) | CWE-190 | Integer Overflow or Wraparound |
3% (13) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
3% (12) | CWE-399 | Resource Management Errors |
2% (8) | CWE-369 | Divide By Zero |
1% (5) | CWE-416 | Use After Free |
1% (4) | CWE-200 | Information Exposure |
1% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
1% (4) | CWE-17 | Code |
0% (3) | CWE-617 | Reachable Assertion |
0% (3) | CWE-252 | Unchecked Return Value |
0% (3) | CWE-129 | Improper Validation of Array Index |
0% (2) | CWE-681 | Incorrect Conversion between Numeric Types |
0% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
0% (1) | CWE-415 | Double Free |
0% (1) | CWE-404 | Improper Resource Shutdown or Release |
0% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
0% (1) | CWE-362 | Race Condition |
0% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:7843 | DSA-1781 ffmpeg-debian -- several vulnerabilities |
oval:org.mitre.oval:def:17029 | USN-630-1 -- ffmpeg vulnerability |
oval:org.mitre.oval:def:13670 | DSA-1781-1 ffmpeg-debian -- several vulnerabilities |
oval:org.mitre.oval:def:12918 | USN-734-1 -- ffmpeg, ffmpeg-debian vulnerabilities |
oval:org.mitre.oval:def:7021 | DSA-2000 ffmpeg-debian -- several vulnerabilities |
oval:org.mitre.oval:def:13249 | USN-931-1 -- ffmpeg, ffmpeg-debian vulnerabilities |
oval:org.mitre.oval:def:13112 | DSA-2000-1 ffmpeg-debian -- several |
oval:org.mitre.oval:def:12955 | DSA-2165-1 ffmpeg-debian -- buffer overflow |
oval:org.mitre.oval:def:15128 | DSA-2306-1 ffmpeg -- several |
oval:org.mitre.oval:def:13661 | USN-1104-1 -- ffmpeg vulnerabilities |
oval:org.mitre.oval:def:14770 | DSA-2336-1 ffmpeg -- several |
oval:org.mitre.oval:def:21194 | USN-1209-1 -- ffmpeg vulnerabilities |
oval:org.mitre.oval:def:21095 | USN-1209-2 -- libav vulnerabilities |
oval:org.mitre.oval:def:20187 | DSA-2494-1 ffmpeg - several |
oval:org.mitre.oval:def:15405 | USN-1333-1 -- Libav vulnerabilities |
oval:org.mitre.oval:def:15186 | DSA-2378-1 ffmpeg -- several |
oval:org.mitre.oval:def:14629 | USN-1320-1 -- FFmpeg vulnerabilities |
oval:org.mitre.oval:def:18129 | USN-1675-1 -- ffmpeg vulnerabilities |
oval:org.mitre.oval:def:17970 | USN-1674-1 -- libav vulnerabilities |
oval:org.mitre.oval:def:16660 | USN-1630-1 -- Libav vulnerabilities |
oval:org.mitre.oval:def:20045 | DSA-2624-1 ffmpeg - several |
oval:org.mitre.oval:def:18046 | USN-1706-1 -- ffmpeg vulnerabilities |
oval:org.mitre.oval:def:18289 | USN-1790-1 -- libav vulnerabilities |
oval:org.mitre.oval:def:20139 | DSA-2793-1 libav - several |
oval:org.mitre.oval:def:22212 | DSA-2855-1 libav - several |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78300 | FFmpeg libavcodec/svq1dec.c svq1_decode_frame() Function File Handling Memory... |
78090 | FFmpeg libavcodec vmd_decode() Function Frame Dimension Offset Parsing Remote... |
77291 | FFmpeg Multiple Function Out-of-bounds Read Remote DoS |
77290 | FFmpeg libavcodec/vp3.c vp3_dequant() Function Unspecified Remote Overflow |
77289 | FFmpeg libavcodec/qdm2.c Unspecified Remote Overflow |
76803 | FFmpeg cavsdec.c libavcodec decode_residual_inter Function CAVS File Handling... |
76802 | FFmpeg cavsdec.c libavcodec Multiple Function CAVS File Handling Remote DoS |
75658 | FFmpeg libavformat/rtpdec_asf.c asfrtp_parse_packet() Function ASF Packet Par... |
75621 | FFmpeg Matroska File Handling Remote Code Execution |
74926 | ffmpeg libavcodec/cavsdec.c Multiple Function Signedness Error CAVS File Hand... |
74020 | FFmpeg on Mandriva Multiple Unspecified Issues |
73646 | FFmpeg VC-1 Decoding Read Operation Restriction Weakness Unspecified Issue |
72579 | FFmpeg Malformed WMV File Handling Memory Corruption |
72578 | FFmpeg RealMedia File Handling Memory Corruption DoS |
72577 | FFmpeg LibAVCodec Sunplus JPEG Decoder AMV File Handling Arbitrary Code Execu... |
72575 | FFmpeg libavformat ape.c ape_read_header Function Malformed APE File Handling... |
72574 | FFmpeg Malformed VC-1 File Handling DoS |
70651 | FFmpeg Vorbis Decoder libavcodec/vorbis_dec.c vorbis_residue_decode_internal ... |
70650 | FFmpeg Vorbis Decoder libavcodec/vorbis_dec.c vorbis_floor0_decode Function O... |
68269 | FFmpeg libavcodec/flicvideo.c Multiple Function Array Indexing Memory Corruption |
62328 | FFmpeg vorbis_dec.c Array Index Error Out-of-bounds Read Remote DoS |
62327 | FFmpeg mov.c Out-of-bounds Memory Pointer Underflow |
58510 | FFmpeg AVI Demuxer av_rescale_rnd Function Divide-by-zero DoS |
58509 | FFmpeg Multiple Overflows |
58508 | FFmpeg Unspecified Crafted File Infinite Loop DoS |
OpenVAS Exploits
id | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2471-1 (ffmpeg - several vulnerabilities) File : nvt/deb_2471_1.nasl |
2012-12-26 | Name : Ubuntu Update for ffmpeg USN-1675-1 File : nvt/gb_ubuntu_USN_1675_1.nasl |
2012-12-26 | Name : Ubuntu Update for libav USN-1674-1 File : nvt/gb_ubuntu_USN_1674_1.nasl |
2012-11-15 | Name : Ubuntu Update for libav USN-1630-1 File : nvt/gb_ubuntu_USN_1630_1.nasl |
2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-06 (libav) File : nvt/glsa_201210_06.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2494-1 (ffmpeg) File : nvt/deb_2494_1.nasl |
2012-08-03 | Name : Mandriva Update for ffmpeg MDVSA-2012:076 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2012_076.nasl |
2012-08-03 | Name : Mandriva Update for ffmpeg MDVSA-2012:075 (ffmpeg) File : nvt/gb_mandriva_MDVSA_2012_075.nasl |
2012-06-19 | Name : Ubuntu Update for ffmpeg USN-1479-1 File : nvt/gb_ubuntu_USN_1479_1.nasl |
2012-06-19 | Name : Ubuntu Update for libav USN-1478-1 File : nvt/gb_ubuntu_USN_1478_1.nasl |
2012-02-12 | Name : FreeBSD Ports: ffmpeg File : nvt/freebsd_ffmpeg1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2378-1 (ffmpeg) File : nvt/deb_2378_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2336-1 (ffmpeg) File : nvt/deb_2336_1.nasl |
2012-01-20 | Name : Ubuntu Update for libav USN-1333-1 File : nvt/gb_ubuntu_USN_1333_1.nasl |
2012-01-09 | Name : Ubuntu Update for ffmpeg USN-1320-1 File : nvt/gb_ubuntu_USN_1320_1.nasl |
2011-09-23 | Name : Ubuntu Update for libav USN-1209-2 File : nvt/gb_ubuntu_USN_1209_2.nasl |
2011-09-23 | Name : Ubuntu Update for ffmpeg USN-1209-1 File : nvt/gb_ubuntu_USN_1209_1.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2306-1 (ffmpeg) File : nvt/deb_2306_1.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:114 (blender) File : nvt/gb_mandriva_MDVSA_2011_114.nasl |
2011-07-22 | Name : Mandriva Update for blender MDVSA-2011:112 (blender) File : nvt/gb_mandriva_MDVSA_2011_112.nasl |
2011-07-14 | Name : VLC Media Player 'AMV' Denial of Service Vulnerability (Windows) File : nvt/gb_vlc_media_player_amv_dos_vuln_win.nasl |
2011-07-14 | Name : VLC Media Player 'AMV' Denial of Service Vulnerability (Linux) File : nvt/gb_vlc_media_player_amv_dos_vuln_lin.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:089 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_089.nasl |
2011-05-17 | Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer) File : nvt/gb_mandriva_MDVSA_2011_088.nasl |
2011-04-06 | Name : Ubuntu Update for ffmpeg vulnerabilities USN-1104-1 File : nvt/gb_ubuntu_USN_1104_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | FFmpeg OGV file format memory corruption attempt RuleID : 16353 - Type : FILE-MULTIMEDIA - Revision : 14 |
2014-01-10 | FFmpeg 4xm processing memory corruption attempt RuleID : 15871 - Type : FILE-MULTIMEDIA - Revision : 12 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-08 | Name: The remote Debian host is missing a security update. File: debian_DLA-1630.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1611.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-19.nasl - Type: ACT_GATHER_INFO |
2018-07-30 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4258.nasl - Type: ACT_GATHER_INFO |
2018-07-30 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_5ccbb2f8c79811e7a633009c02a2ab30.nasl - Type: ACT_GATHER_INFO |
2018-07-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4249.nasl - Type: ACT_GATHER_INFO |
2018-01-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4099.nasl - Type: ACT_GATHER_INFO |
2017-11-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4049.nasl - Type: ACT_GATHER_INFO |
2017-11-01 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4012.nasl - Type: ACT_GATHER_INFO |
2017-10-23 | Name: The remote Debian host is missing a security update. File: debian_DLA-1142.nasl - Type: ACT_GATHER_INFO |
2017-10-16 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ed73829daf6d11e7a633009c02a2ab30.nasl - Type: ACT_GATHER_INFO |
2017-10-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3996.nasl - Type: ACT_GATHER_INFO |
2017-09-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1067.nasl - Type: ACT_GATHER_INFO |
2017-09-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1068.nasl - Type: ACT_GATHER_INFO |
2017-08-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3957.nasl - Type: ACT_GATHER_INFO |
2017-05-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-631.nasl - Type: ACT_GATHER_INFO |
2017-05-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO |
2017-04-28 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-524.nasl - Type: ACT_GATHER_INFO |
2017-04-10 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-449.nasl - Type: ACT_GATHER_INFO |
2017-01-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-71.nasl - Type: ACT_GATHER_INFO |
2016-10-19 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1203.nasl - Type: ACT_GATHER_INFO |
2016-10-05 | Name: The remote Debian host is missing a security update. File: debian_DLA-644.nasl - Type: ACT_GATHER_INFO |
2016-06-28 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO |
2016-06-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201606-09.nasl - Type: ACT_GATHER_INFO |
2016-06-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO |