
CVE-2025-0518 – Unchecked sscanf return value which leads to memory data leak
https://notcve.org/view.php?id=CVE-2025-0518
16 Jan 2025 — Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c . This issue affects FFmpeg: 7.1. The issue was fixed in https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a . This issue was discovered by: Simcha Kosman • https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •

CVE-2024-36619
https://notcve.org/view.php?id=CVE-2024-36619
29 Nov 2024 — FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. • https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119 • CWE-190: Integer Overflow or Wraparound •

CVE-2024-7272 – FFmpeg swresample.c fill_audiodata heap-based overflow
https://notcve.org/view.php?id=CVE-2024-7272
08 Aug 2024 — A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. • https://ffmpeg.org • CWE-122: Heap-based Buffer Overflow •

CVE-2024-32228
https://notcve.org/view.php?id=CVE-2024-32228
01 Jul 2024 — FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. • https://trac.ffmpeg.org/ticket/10951 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •

CVE-2024-32229
https://notcve.org/view.php?id=CVE-2024-32229
01 Jul 2024 — FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. • https://trac.ffmpeg.org/ticket/10950 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-32230 – Ubuntu Security Notice USN-6983-1
https://notcve.org/view.php?id=CVE-2024-32230
01 Jul 2024 — FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0. Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code. • https://trac.ffmpeg.org/ticket/10952 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-51794 – Debian Security Advisory 5721-1
https://notcve.org/view.php?id=CVE-2023-51794
26 Apr 2024 — Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a... • https://trac.ffmpeg.org/ticket/10746 • CWE-122: Heap-based Buffer Overflow •

CVE-2023-49501 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2023-49501
19 Apr 2024 — Buffer Overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. ... • https://github.com/FFmpeg/FFmpeg • CWE-122: Heap-based Buffer Overflow •

CVE-2023-49502 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2023-49502
19 Apr 2024 — Buffer Overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input fil... • https://github.com/FFmpeg/FFmpeg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-50007 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2023-50007
19 Apr 2024 — Buffer Overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An... • https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47 • CWE-121: Stack-based Buffer Overflow •