This page aggregates CVE and security vulnerability intelligence across all FFmpeg-related products, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve buffer overflows, memory corruption, and related problems; some flaws may lead to unexpected behavior, affecting software deployment scenarios.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-51796 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. | [email protected] | 3.6 | 0.25% | 2024-04-19 | 2026-06-17 |
| CVE-2023-51795 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame | [email protected] | 8.0 | 0.27% | 2024-04-19 | 2026-06-17 |
| CVE-2023-51793 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. | [email protected] | 7.8 | 0.32% | 2024-04-19 | 2026-06-17 |
| CVE-2023-51791 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. | [email protected] | 7.8 | 0.28% | 2024-04-19 | 2026-06-17 |
| CVE-2023-50010 | FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. | [email protected] | 7.8 | 0.48% | 2024-04-19 | 2026-06-17 |
| CVE-2023-50009 | FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. | [email protected] | 8.0 | 0.44% | 2024-04-19 | 2026-06-17 |
| CVE-2023-50008 | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. | [email protected] | 7.8 | 0.37% | 2024-04-19 | 2026-06-17 |
| CVE-2023-50007 | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. | [email protected] | 4.0 | 0.35% | 2024-04-19 | 2026-06-17 |
| CVE-2023-49502 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. | [email protected] | 8.8 | 1.53% | 2024-04-19 | 2026-06-17 |
| CVE-2023-49501 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. | [email protected] | 8.0 | 0.39% | 2024-04-19 | 2026-06-17 |
| CVE-2024-31585 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | [email protected] | 5.3 | 0.28% | 2024-04-17 | 2026-06-17 |
| CVE-2024-31582 | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. | [email protected] | 7.8 | 0.34% | 2024-04-17 | 2026-06-17 |
| CVE-2024-31581 | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. | [email protected] | 9.8 | 1.10% | 2024-04-17 | 2026-06-17 |
| CVE-2024-31578 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | [email protected] | 7.5 | 0.97% | 2024-04-17 | 2026-06-17 |
| CVE-2023-49528 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | [email protected] | 8.0 | 0.39% | 2024-04-12 | 2026-06-17 |
| CVE-2024-22861 | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | [email protected] | 7.5 | 0.61% | 2024-01-27 | 2026-06-17 |
| CVE-2024-22862 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JPEG XL Parser. | [email protected] | 9.8 | 1.19% | 2024-01-27 | 2026-06-17 |
| CVE-2024-22860 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | [email protected] | 9.8 | 1.13% | 2024-01-27 | 2026-06-17 |
| CVE-2023-47470 | Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | [email protected] | 7.8 | 0.69% | 2023-11-15 | 2026-06-17 |
| CVE-2023-46407 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | [email protected] | 5.5 | 0.30% | 2023-10-27 | 2026-06-17 |