National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ffmpeg:ffmpeg:3.0.5
There are 47 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-9608

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

Published: December 27, 2017; 02:29:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-15672

The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.

Published: November 06, 2017; 12:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-15186

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

Published: October 24, 2017; 01:29:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.

Published: September 27, 2017; 04:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-11719

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.

Published: July 28, 2017; 01:29:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-11399

Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.

Published: July 17, 2017; 03:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-9996

The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Published: June 28, 2017; 02:29:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-9994

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

Published: June 28, 2017; 02:29:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

Published: June 28, 2017; 02:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-9992

Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

Published: June 28, 2017; 02:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-9991

Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

Published: June 28, 2017; 02:29:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-9990

Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

Published: June 28, 2017; 02:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-7859

FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.

Published: April 14, 2017; 12:59:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-6920

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

Published: January 23, 2017; 04:59:02 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-9561

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-8595

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-7905

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-7785

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-7562

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

Published: December 23, 2016; 12:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-7555

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

Published: December 23, 2016; 12:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM