A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-02-23
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-02-17
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-03
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-01-03
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-11-29
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer
CVSS Score
9.1
EPSS Score
0.002
Published
2024-11-29
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-11-29
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-11-29
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-11-29
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-11-29
Page 1