Known Vulnerabilities for products from Ffmpeg
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ffmpeg".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-38291 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mat... | 7.5 - HIGH | 2021-08-12 | 2023-12-23 |
| CVE-2021-38171 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necess... | 9.8 - CRITICAL | 2021-08-21 | 2023-12-23 |
| CVE-2021-38114 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-086... | 5.5 - MEDIUM | 2021-08-04 | 2023-11-07 |
| CVE-2021-38094 | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to ... | 8.8 - HIGH | 2021-09-20 | 2021-09-23 |
| CVE-2021-38093 | Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to... | 8.8 - HIGH | 2021-09-20 | 2021-09-23 |
| CVE-2021-38092 | Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers t... | 8.8 - HIGH | 2021-09-20 | 2021-09-23 |
| CVE-2021-38091 | Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers t... | 8.8 - HIGH | 2021-09-20 | 2021-09-23 |
| CVE-2021-38090 | Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers... | 8.8 - HIGH | 2021-09-20 | 2021-09-23 |
| CVE-2021-38089 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22035. Reason: This candidate is a duplicate of CVE-2020-... | Not Provided | 2021-09-20 | 2023-11-07 |
| CVE-2021-33815 | dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checke... | 8.8 - HIGH | 2021-06-03 | 2023-12-23 |
| CVE-2021-30123 | FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execu... | 8.8 - HIGH | 2021-04-07 | 2023-11-07 |
| CVE-2021-28429 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2023-08-11 | 2023-08-18 |
| CVE-2021-3566 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "f... | 5.5 - MEDIUM | 2021-08-05 | 2022-12-21 |
| CVE-2020-36138 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-08-11 | 2023-08-16 |
| CVE-2020-35965 | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perf... | 7.5 - HIGH | 2021-01-04 | 2021-11-05 |
| CVE-2020-35964 | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | 6.5 - MEDIUM | 2021-01-03 | 2022-08-06 |
| CVE-2020-24995 | Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execu... | 7.8 - HIGH | 2021-03-30 | 2023-11-07 |
| CVE-2020-24020 | Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due ... | 8.8 - HIGH | 2021-05-26 | 2023-11-07 |
| CVE-2020-23906 | FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient v... | 5.5 - MEDIUM | 2021-11-10 | 2021-11-16 |
| CVE-2020-22056 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | 6.5 - MEDIUM | 2021-06-02 | 2021-06-07 |
Known software with vulnerabilities from Ffmpeg
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ffmpeg | Ffmpeg | 0.3 |
| Application | Ffmpeg | Libswresample | 3.0.101 |