Aggregates CVE and security vulnerability intelligence across all Libav-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk buffer overflow, vendor risk memory corruption, and vendor risk input validation; exposure may include vendor impact memory corruption in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-3062 | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | [email protected] | 8.8 | 4.05% | 2016-06-16 | 2026-06-16 |
| CVE-2015-5479 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | [email protected] | 6.5 | 1.98% | 2016-04-19 | 2026-06-16 |
| CVE-2015-3395 | The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. | [email protected] | 6.8 | 2.39% | 2015-06-16 | 2026-06-16 |
| CVE-2014-5271 | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | [email protected] | 7.5 | 4.70% | 2014-11-03 | 2026-06-16 |
| CVE-2014-3984 | Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. | [email protected] | 10.0 | 4.01% | 2014-06-06 | 2026-06-16 |
| CVE-2011-3937 | The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads." | [email protected] | 10.0 | 2.27% | 2013-01-04 | 2026-06-16 |
| CVE-2012-5144 | Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN." | [email protected] | 10.0 | 3.50% | 2012-12-12 | 2026-06-16 |
| CVE-2012-2804 | Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width. | [email protected] | 10.0 | 3.06% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2803 | Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value. | [email protected] | 10.0 | 3.33% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2802 | Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes." | [email protected] | 10.0 | 2.85% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2801 | Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes." | [email protected] | 10.0 | 2.97% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2800 | Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array." | [email protected] | 10.0 | 2.89% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2798 | Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write." | [email protected] | 10.0 | 2.89% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2797 | Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough." | [email protected] | 10.0 | 2.55% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2796 | Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." | [email protected] | 10.0 | 2.89% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2794 | Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters." | [email protected] | 10.0 | 2.93% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2793 | Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros." | [email protected] | 10.0 | 2.93% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2791 | Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size." | [email protected] | 10.0 | 2.86% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2790 | Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode." | [email protected] | 10.0 | 2.93% | 2012-09-10 | 2026-06-16 |
| CVE-2012-2789 | Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs). | [email protected] | 10.0 | 2.93% | 2012-09-10 | 2026-06-16 |