Known Vulnerabilities for products from FFmpeg

Listed below are 20 of the newest known vulnerabilities associated with the vendor "FFmpeg".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-40962 json Not Provided 2026-04-16 2026-04-16
CVE-2026-35450 json Not Provided 2026-04-06 2026-04-07
CVE-2026-35033 json Not Provided 2026-04-14 2026-04-15
CVE-2026-30999 json A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (D... Not Provided 2026-04-13 2026-04-23
CVE-2026-30998 json An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attacker... Not Provided 2026-04-13 2026-04-23
CVE-2026-30997 json An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a ... Not Provided 2026-04-13 2026-04-23
CVE-2026-12706 json Not Provided 2026-06-19 2026-06-22
CVE-2026-8461 json Not Provided 2026-06-18 2026-06-19
CVE-2026-6385 json Not Provided 2026-04-15 2026-04-15
CVE-2025-7700 json Not Provided 2025-11-07 2026-05-06
CVE-2024-22862 json 9.8 - CRITICAL 2024-01-27 2024-02-02
CVE-2024-22861 json 7.5 - HIGH 2024-01-27 2024-02-02
CVE-2024-22860 json 9.8 - CRITICAL 2024-01-27 2024-02-02
CVE-2023-46407 json FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read... 5.5 - MEDIUM 2023-10-27 2024-01-30
CVE-2023-39018 json FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg. 9.8 - CRITICAL 2023-07-28 2024-03-12
CVE-2022-48434 json libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker th... 8.1 - HIGH 2023-03-29 2023-12-23
CVE-2022-3965 json A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of t... 8.1 - HIGH 2022-11-13 2023-12-23
CVE-2022-3964 json A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzae... 8.1 - HIGH 2022-11-13 2023-12-23
CVE-2022-3341 json A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. Th... 5.3 - MEDIUM 2023-01-12 2023-06-13
CVE-2022-3109 json An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of ... 7.5 - HIGH 2022-12-16 2023-11-07
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from FFmpeg

Type Vendor Product Version
ApplicationFfmpegFfmpeg0.10
ApplicationFfmpegLibswresample3.0.101
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report