Michael Niedermayer

79 exploits, active since Nov 2013
CVE-2019-11338 HIGH WRITEUP
FFmpeg <4.1.2 - DoS
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVSS 8.8
CVE-2019-11339 HIGH WRITEUP
FFmpeg <4.0.4, <4.1.2 - DoS
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
CVSS 8.8
CVE-2019-12730 CRITICAL WRITEUP
FFmpeg < 3.2.14 - Use of Uninitialized Resource
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
CVSS 9.8
CVE-2019-17539 CRITICAL WRITEUP
FFmpeg < 3.4.7 - NULL Pointer Dereference
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
CVSS 9.8
CVE-2019-17542 CRITICAL WRITEUP
FFmpeg < 2.8.16 - Out-of-Bounds Write
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
CVSS 9.8
CVE-2019-9718 MEDIUM WRITEUP
FFmpeg <4.1 - DoS
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
CVSS 6.5
CVE-2019-9721 MEDIUM WRITEUP
FFmpeg 3.2-4.1 - DoS
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
CVSS 6.5
CVE-2020-12284 CRITICAL WRITEUP
FFmpeg - Out-of-Bounds Write
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
CVSS 9.8
CVE-2020-35964 MEDIUM WRITEUP
FFmpeg - Out-of-Bounds Write
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
CVSS 6.5
CVE-2020-35965 HIGH WRITEUP
FFmpeg < 4.4 - Out-of-Bounds Write
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
CVSS 7.5
CVE-2020-36138 HIGH WRITEUP
FFmpeg - NULL Pointer Dereference
An issue discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3 allows remote attackers to cause a denial of service (DoS).
CVSS 7.5
CVE-2021-33815 HIGH WRITEUP
FFmpeg - Improper Array Index Validation
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
CVSS 8.8
CVE-2021-38171 CRITICAL WRITEUP
FFmpeg 4.4 - Buffer Overflow
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVSS 9.8
CVE-2022-2566 CRITICAL WRITEUP
FFmpeg <5.1 - RCE
A heap out-of-bounds memory write exists in FFmpeg since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05.
CVSS 9.0
CVE-2022-3341 MEDIUM WRITEUP
FFmpeg - Null Pointer Dereference
A null pointer dereference issue was discovered in FFmpeg in the decode_main_header() function of libavformat/nutdec.c. The flaw occurs because the function lacks a check of the return value of avformat_new_stream(), which triggers the null pointer dereference and causes the application to crash.
CVSS 5.3
CVE-2023-47470 HIGH WRITEUP
FFmpeg - Out-of-Bounds Write
Buffer overflow vulnerability in FFmpeg before GitHub commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c.
CVSS 7.8
CVE-2023-50010 HIGH WRITEUP
FFmpeg < 7.0 - Buffer Overflow
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
CVSS 7.8
CVE-2024-22860 CRITICAL WRITEUP
FFmpeg <n6.1 - RCE
Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
CVSS 9.8
CVE-2024-22862 CRITICAL WRITEUP
FFmpeg <n6.1 - RCE
Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the JPEG XL Parser.
CVSS 9.8
CVE-2024-31581 CRITICAL WRITEUP
FFmpeg - Improper Array Index Validation
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
CVSS 9.8
CVE-2024-31582 HIGH WRITEUP
FFmpeg < 7.0 - Heap Buffer Overflow
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
CVSS 7.8
CVE-2024-31585 MEDIUM WRITEUP
FFmpeg < 7.0 - Denial of Service
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 5.3
CVE-2024-35366 CRITICAL WRITEUP
FFmpeg - Integer Overflow
FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows negative duration values to be accepted without proper bounds checking.
CVSS 9.1
CVE-2024-36613 MEDIUM WRITEUP
FFmpeg n6.1.1 - DoS
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
CVSS 6.2