Search CVE reports
1 – 10 of 495 results
CVE-2023-6605
Medium priority
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2023-6604
Medium priority
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted...
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2023-6601
Medium priority
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2024-36613
Medium priority
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2024-35365
Medium priority
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2023-6603
Medium priority
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2023-6602
Medium priority
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2024-35368
Medium priority
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2024-35367
Medium priority
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |
CVE-2024-35366
Medium priority
FFmpeg n6.1.1 is affected by an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows...
2 affected packages
ffmpeg, libav
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | — | — |