pkg:Alpine/ffmpeg

42 total CVEsCRITICAL4HIGH17MEDIUM21

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2016-10192Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows rem…
    from 0, < 2.8.11-r0
  • CRITICAL9.8CVE-2016-10191Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2…
    from 0, < 2.8.11-r0
  • CRITICAL9.8CVE-2016-10190Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 al…
    from 0, < 2.8.11-r0
  • CRITICAL9.8CVE-2016-6164Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 all…
    from 0, < 2.8.11-r0
  • HIGH8.8CVE-2017-14767The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, w…
    from 0, < 3.1.11-r0
  • HIGH8.8CVE-2017-14225The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a f…
    from 0, < 3.1.11-r0
  • HIGH8.8CVE-2017-14169In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted…
    from 0, < 3.1.11-r0
  • HIGH8.8CVE-2017-9992Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8,…
    from 0, < 3.1.8-r0
  • HIGH8.8CVE-2016-5199An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for…
    from 0, < 3.0.7-r0
  • HIGH8.8CVE-2016-2330libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of servi…
    from 0, < 2.8.11-r0
  • HIGH8.8CVE-2016-2329libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which al…
    from 0, < 2.8.11-r0
  • HIGH8.8CVE-2016-2328libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a deni…
    from 0, < 2.8.11-r0
  • HIGH7.8CVE-2017-11719The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service…
    from 0, < 3.1.10-r0
  • HIGH7.8CVE-2017-11399ffmpeg - security update
    from 0, < 3.1.10-r0
  • HIGH7.8CVE-2017-9996The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2…
    from 0, < 3.1.8-r0
  • HIGH7.8CVE-2017-9994libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensu…
    from 0, < 3.1.8-r0
  • HIGH7.8CVE-2017-9991Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x befor…
    from 0, < 3.1.8-r0
  • HIGH7.8CVE-2016-7502The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding wi…
    from 0, < 2.8.11-r0
  • HIGH7.8CVE-2016-7450The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a…
    from 0, < 2.8.11-r0
  • HIGH7.5CVE-2017-11665The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segme…
    from 0, < 3.1.10-r0
  • HIGH7.5CVE-2017-9993FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streami…
    from 0, < 3.1.9-r0
  • MEDIUM6.5CVE-2017-9608The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer derefer…
    from 0, < 3.2.6-r0
  • MEDIUM6.5CVE-2017-15186ffmpeg - security update
    from 0, < 3.1.11-r1
  • MEDIUM6.5CVE-2017-14223In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU…
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14222In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consum…
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14171In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause hug…
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14170In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause…
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14059In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption.
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14058In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allo…
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14057In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14056In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory…
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14055libav - security update
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2017-14054ffmpeg - security update
    from 0, < 3.1.11-r0
  • MEDIUM6.5CVE-2016-2213The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2017-5025FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2017-5024FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2016-7905The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointe…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2016-7785The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert faul…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2016-7562The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer o…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2016-7555The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has…
    from 0, < 3.0.7-r0
  • MEDIUM5.5CVE-2016-7122The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that…
    from 0, < 2.8.11-r0
  • MEDIUM5.5CVE-2016-6881The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service…
    from 0, < 2.8.11-r0