Michael Niedermayer

78 exploits Active since Nov 2013
CVE-2025-10256 WRITEUP MEDIUM WRITEUP
FFmpeg - DoS
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.
CVSS 5.3
CVE-2013-4263 WRITEUP WRITEUP
Ffmpeg < 2.0 - Memory Corruption
libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.
CVE-2013-4264 WRITEUP WRITEUP
Ffmpeg < 2.0 - Memory Corruption
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.
CVE-2013-4265 WRITEUP WRITEUP
Ffmpeg < 2.0 - NULL Pointer Dereference
The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
CVE-2015-3417 WRITEUP WRITEUP
FFmpeg <2.3.6 - Use After Free
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
CVE-2016-8675 WRITEUP MEDIUM WRITEUP
Libav <11.9 - DoS
The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
CVSS 5.5
CVE-2017-11399 WRITEUP HIGH WRITEUP
Ffmpeg < 3.3.2 - Out-of-Bounds Read
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
CVSS 7.8
CVE-2017-11665 WRITEUP HIGH WRITEUP
FFmpeg <3.3.2 - DoS
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
CVSS 7.5
CVE-2017-11719 WRITEUP HIGH WRITEUP
FFmpeg <3.3.2 - DoS
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
CVSS 7.8
CVE-2017-14055 WRITEUP MEDIUM WRITEUP
FFmpeg 3.3.3 - DoS
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVSS 6.5
CVE-2017-14058 WRITEUP MEDIUM WRITEUP
FFmpeg <3.3.3 - DoS
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
CVSS 6.5
CVE-2017-14222 WRITEUP MEDIUM WRITEUP
FFmpeg 3.3.3 - DoS
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVSS 6.5
CVE-2017-14223 WRITEUP MEDIUM WRITEUP
FFmpeg 3.3.3 - DoS
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVSS 6.5
CVE-2017-14225 WRITEUP HIGH WRITEUP
FFmpeg 3.3.3 - Use After Free
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
CVSS 8.8
CVE-2017-14767 WRITEUP HIGH WRITEUP
FFmpeg <3.3.4 - DoS
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
CVSS 8.8
CVE-2017-15672 WRITEUP HIGH WRITEUP
Ffmpeg < 3.3.4 - Out-of-Bounds Read
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
CVSS 8.8
CVE-2017-16803 WRITEUP HIGH WRITEUP
Libav <12.1 - DoS
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
CVSS 7.5
CVE-2017-17081 WRITEUP MEDIUM WRITEUP
FFmpeg <3.5 - DoS
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
CVSS 6.5
CVE-2017-7862 WRITEUP CRITICAL WRITEUP
Ffmpeg < 2.8.10 - Out-of-Bounds Write
FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.
CVSS 9.8
CVE-2017-7863 WRITEUP CRITICAL WRITEUP
Ffmpeg < 2.8.10 - Out-of-Bounds Write
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
CVSS 9.8
CVE-2017-7865 WRITEUP CRITICAL WRITEUP
Ffmpeg < 2.8.9 - Out-of-Bounds Write
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
CVSS 9.8
CVE-2017-7866 WRITEUP CRITICAL WRITEUP
Ffmpeg < 2.8.9 - Out-of-Bounds Write
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.
CVSS 9.8
CVE-2017-9990 WRITEUP HIGH WRITEUP
Ffmpeg < 3.3 - Memory Corruption
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVSS 8.8
CVE-2017-9991 WRITEUP HIGH WRITEUP
Ffmpeg < 2.8.11 - Memory Corruption
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVSS 7.8
CVE-2017-9992 WRITEUP HIGH WRITEUP
Ffmpeg < 2.8.12 - Memory Corruption
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVSS 8.8