This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Ffmpeg First view 2019-04-18
Product Ffmpeg Last view 2020-06-16
Version 4.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:ffmpeg:ffmpeg

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2020-06-16 CVE-2020-14212

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

9.8 2019-10-13 CVE-2019-17542

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

9.8 2019-10-13 CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

8.8 2019-09-05 CVE-2019-15942

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

8.8 2019-04-18 CVE-2019-11338

libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

CWE : Common Weakness Enumeration

40% (2) CWE-476 NULL Pointer Dereference
20% (1) CWE-787 Out-of-bounds Write
20% (1) CWE-129 Improper Validation of Array Index
20% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer