Known Vulnerabilities for products from FFmpeg
Listed below are 20 of the newest known vulnerabilities associated with the vendor "FFmpeg".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40962 json | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to li... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-35450 json | Not Provided | 2026-04-06 | 2026-04-07 | |
| CVE-2026-35033 json | Not Provided | 2026-04-14 | 2026-04-15 | |
| CVE-2026-30999 json | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (D... | Not Provided | 2026-04-13 | 2026-04-23 |
| CVE-2026-30998 json | An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attacker... | Not Provided | 2026-04-13 | 2026-04-23 |
| CVE-2026-30997 json | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a ... | Not Provided | 2026-04-13 | 2026-04-23 |
| CVE-2026-6385 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-3682 json | Not Provided | 2026-03-08 | 2026-03-11 | |
| CVE-2025-7700 json | Not Provided | 2025-11-07 | 2026-05-06 | |
| CVE-2024-22862 json | 9.8 - CRITICAL | 2024-01-27 | 2024-02-02 | |
| CVE-2024-22861 json | 7.5 - HIGH | 2024-01-27 | 2024-02-02 | |
| CVE-2024-22860 json | 9.8 - CRITICAL | 2024-01-27 | 2024-02-02 | |
| CVE-2023-46407 json | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read... | 5.5 - MEDIUM | 2023-10-27 | 2024-01-30 |
| CVE-2023-39018 json | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.| 9.8 - CRITICAL
|
2023-07-28
|
2024-03-12
|
|
| CVE-2022-48434 json | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker th... | 8.1 - HIGH | 2023-03-29 | 2023-12-23 |
| CVE-2022-3965 json | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of t... | 8.1 - HIGH | 2022-11-13 | 2023-12-23 |
| CVE-2022-3964 json | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzae... | 8.1 - HIGH | 2022-11-13 | 2023-12-23 |
| CVE-2022-3341 json | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. Th... | 5.3 - MEDIUM | 2023-01-12 | 2023-06-13 |
| CVE-2022-3109 json | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of ... | 7.5 - HIGH | 2022-12-16 | 2023-11-07 |
| CVE-2022-2566 json | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` g... | 7.8 - HIGH | 2022-09-23 | 2023-06-27 |
Known software with vulnerabilities from FFmpeg
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ffmpeg | Ffmpeg | 0.10 |
| Application | Ffmpeg | Libswresample | 3.0.101 |