Michael Niedermayer

80 exploits, active since Nov 2013
CVE-2018-7557 WRITEUP MEDIUM
FFmpeg 2.8-3.4.2 - Out-of-bounds Read in utvideodec.c
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
CVSS 6.5
CVE-2019-11338 WRITEUP HIGH
FFmpeg 3.4 and 4.1.2 - Denial of Service via HEVC Duplicate First Slice Detection
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVSS 8.8
CVE-2019-11339 WRITEUP HIGH
FFmpeg 4.0-4.0.4 - Out-of-bounds Read in Studio Profile Decoder
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
CVSS 8.8
CVE-2019-12730 WRITEUP CRITICAL
FFmpeg < 3.2.14 and 4.x < 4.1.4 - Use of Uninitialized Resource in aa_read_header
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
CVSS 9.8
CVE-2019-17539 WRITEUP CRITICAL
FFmpeg < 4.2 - NULL Pointer Dereference in avcodec_open2
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
CVSS 9.8
CVE-2019-17542 WRITEUP CRITICAL
FFmpeg < 4.2 - Heap-Based Buffer Overflow in vqa_decode_init
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
CVSS 9.8
CVE-2019-9718 WRITEUP MEDIUM
FFmpeg 3.2 and 4.1 - Denial of Service via Matroska Subtitle Decoder
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
CVSS 6.5
CVE-2019-9721 WRITEUP MEDIUM
FFmpeg 3.2 and 4.1 - Denial of Service via Matroska Subtitle Decoder
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
CVSS 6.5
CVE-2020-12284 WRITEUP CRITICAL
FFmpeg 4.1 and 4.2.2 - Heap-Based Buffer Overflow in cbs_jpeg_split_fragment
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
CVSS 9.8
CVE-2020-35964 WRITEUP MEDIUM
FFmpeg 4.3.1 - Out-of-bounds Write in track_header
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
CVSS 6.5
CVE-2020-35965 WRITEUP HIGH
FFmpeg 4.3.1 - Out-of-bounds Write in libavcodec/exr.c decode_frame
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
CVSS 7.5
CVE-2020-36138 WRITEUP HIGH
FFmpeg 4.3 - Denial of Service via TIFF Frame Decoding
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3 that allows remote attackers to cause a denial of service (DoS).
CVSS 7.5
CVE-2021-33815 WRITEUP HIGH
FFmpeg 4.4 - Out-of-Bounds Array Access in dwa_uncompress
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
CVSS 8.8
CVE-2021-38171 WRITEUP CRITICAL
FFmpeg 4.4 - Denial of Service via Unchecked Return Value in adts_decode_extradata
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVSS 9.8
CVE-2022-2566 WRITEUP CRITICAL
FFmpeg <5.1 - Remote Code Execution
A heap out-of-bounds memory write exists in FFmpeg since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05.
CVSS 9.0
CVE-2022-3341 WRITEUP MEDIUM
FFmpeg - Null Pointer Dereference
A null pointer dereference issue was discovered in FFmpeg in the decode_main_header() function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of avformat_new_stream(), which triggers the null pointer dereference error and causes the application to crash.
CVSS 5.3
CVE-2023-47470 WRITEUP HIGH
FFmpeg - Out-of-bounds Write in ref_pic_list_struct
Buffer overflow vulnerability in FFmpeg before GitHub commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c.
CVSS 7.8
CVE-2023-50010 WRITEUP HIGH
FFmpeg 6.1-3-g466799d4f5 - Buffer Overflow in ff_gradfun_blur_line_movdqa_sse2
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in the /fftools/ffmpeg_enc.c component.
CVSS 7.8
CVE-2024-22860 WRITEUP CRITICAL
FFmpeg < 6.1 - Remote Code Execution via JPEG XL Animation Decoder Integer Overflow
Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
CVSS 9.8
CVE-2024-22862 WRITEUP CRITICAL
FFmpeg < 6.1 - Remote Code Execution via JPEG XL Parser Integer Overflow
Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the JPEG XL Parser.
CVSS 9.8
CVE-2024-31581 WRITEUP CRITICAL
FFmpeg n6.1 - Improper Validation of Array Index in libavcodec/cbs_h266_syntax_template.c
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
CVSS 9.8
CVE-2024-31582 WRITEUP HIGH
FFmpeg 6.1 - Heap-based Buffer Overflow in draw_block_rectangle
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
CVSS 7.8
CVE-2024-31585 WRITEUP MEDIUM
FFmpeg 5.1-6.1 - Denial of Service via Off-by-one Error in libavfilter/avf_showspectrum.c
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 5.3
CVE-2024-35366 WRITEUP CRITICAL
FFmpeg n6.1.1 - Integer Overflow in libavformat parse_options
FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows negative duration values to be accepted without proper bounds checking.
CVSS 9.1