Shodan
Vulnerabilities
Vulnerable Software
Ffmpeg:  >> Ffmpeg  >> 3.0.9  Security Vulnerabilities
CVE-2017-9993
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
CVSS Score
7.5
EPSS Score
0.562
Published
2017-06-28
CVE-2017-7859
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2017-04-14
CVE-2016-6920
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.
CVSS Score
7.5
EPSS Score
0.036
Published
2017-01-23
CVE-2016-6671
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
CVSS Score
7.8
EPSS Score
0.006
Published
2016-12-23
CVE-2016-6881
The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-12-23
CVE-2016-7122
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.
CVSS Score
5.5
EPSS Score
0.002
Published
2016-12-23
CVE-2016-7450
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
CVSS Score
7.8
EPSS Score
0.002
Published
2016-12-23
CVE-2016-7502
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
CVSS Score
7.8
EPSS Score
0.003
Published
2016-12-23
CVE-2016-7555
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
CVSS Score
5.5
EPSS Score
0.003
Published
2016-12-23
CVE-2016-7562
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
CVSS Score
5.5
EPSS Score
0.006
Published
2016-12-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved