Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:ffmpeg:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductFfmpeg (de2c4ce1-b78e-5639-9767-7970c6228732)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-1816 vulnerable 2026-06-08 07:08:38.208093 FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak
MEDIUM (4.3)
A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.
Published: 2025-03-02T14:00:07.515Z
Updated: 2025-03-03T20:12:37.842Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1594 vulnerable 2026-06-08 07:08:37.363473 FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow
MEDIUM (6.3)
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-02-23T21:00:13.152Z
Updated: 2025-02-24T12:03:02.141Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1373 vulnerable 2026-06-08 07:08:36.668741 FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference
LOW (3.3)
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.
Published: 2025-02-17T03:31:05.119Z
Updated: 2025-02-18T15:53:38.652Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7272 vulnerable 2026-06-08 06:58:21.722545 FFmpeg swresample.c fill_audiodata heap-based overflow
MEDIUM (6.3)
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.
Published: 2024-08-08T20:24:10.987Z
Updated: 2024-08-09T17:22:37.764Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7055 vulnerable 2026-06-08 06:58:21.120737 FFmpeg pnmdec.c pnm_decode_frame heap-based overflow
MEDIUM (6.3)
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Published: 2024-08-06T06:00:10.659Z
Updated: 2025-11-03T22:32:48.492Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3341 vulnerable 2026-06-08 05:48:20.602200 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3109 vulnerable 2026-06-08 05:47:19.467813 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1475 vulnerable 2026-06-08 05:39:13.301399 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3566 vulnerable 2026-06-08 05:33:52.806119 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.