CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-22860
https://notcve.org/view.php?id=CVE-2024-22860
27 Jan 2024 — Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar código arbitrario a través del componente jpegxl_anim_read_packet en el decodificador de animación JPEG XL. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22861
https://notcve.org/view.php?id=CVE-2024-22861
27 Jan 2024 — Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a los atacantes provocar una denegación de servicio (DoS) a través del módulo avcodec/osq. • https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-22862
https://notcve.org/view.php?id=CVE-2024-22862
27 Jan 2024 — Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar código arbitrario a través de JJPEG XL Parser. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62113 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47470
https://notcve.org/view.php?id=CVE-2023-47470
16 Nov 2023 — Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c Vulnerabilidad de desbordamiento del búfer en Ffmpeg anterior al commit de github 4565747056a11356210ed8edcecb920105e40b60 permite a un atacante remoto lograr una escritura fuera de matriz, ejecutar código arbitrario y provocar una... • https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46407
https://notcve.org/view.php?id=CVE-2023-46407
27 Oct 2023 — FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. Se descubrió que FFmpeg antes del commit bf814 contenía una lectura fuera de los límites a través de la variable dist->alphabet_size en la función read_vlc_prefix(). • https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48434 – Ubuntu Security Notice USN-6449-2
https://notcve.org/view.php?id=CVE-2022-48434
29 Mar 2023 — libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue on... • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 • CWE-416: Use After Free •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3964 – ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3964
13 Nov 2022 — A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3965 – ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3965
13 Nov 2022 — A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2566 – Heap-memory write in FFMPEG
https://notcve.org/view.php?id=CVE-2022-2566
23 Sep 2022 — A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 Existe una escritura de memoria fuera de los límite... • https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •