Shodan
Vulnerabilities
Vulnerable Software
Ffmpeg:  >> Ffmpeg  Security Vulnerabilities
CVE-2020-13904
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
CVSS Score
5.5
EPSS Score
0.005
Published
2020-06-07
CVE-2020-12284
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
CVSS Score
9.8
EPSS Score
0.051
Published
2020-04-28
CVE-2014-4610
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
CVSS Score
8.8
EPSS Score
0.03
Published
2020-01-14
CVE-2019-17539
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-10-14
CVE-2019-17542
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-10-14
CVE-2019-15942
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-09-05
CVE-2019-13390
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-07-07
CVE-2019-13312
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-07-05
CVE-2019-12730
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-06-04
CVE-2019-11338
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVSS Score
8.8
EPSS Score
0.02
Published
2019-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved