FFmpeg vulnerabilities: known CVEs & security history

FFmpeg · Media / Runtime · 481 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all FFmpeg release lines — 481 in total. A CVE here doesn't mean your version is affected — check FFmpeg's current status and the safe version to run.

481

known CVEs

actively exploited (KEV)

critical severity

ransomware-linked

Known FFmpeg CVEs

Actively-exploited and most-severe first. Showing the top 80 of 481. Open any CVE for full details.

CVE	Severity	CVSS	EPSS	Year
CVE-2024-35368	critical	9.8	1%	2024
CVE-2024-31581	critical	9.8	1%	2024
CVE-2024-22862	critical	9.8	1%	2024
CVE-2024-22860	critical	9.8	1%	2024
CVE-2021-38171	critical	9.8	2%	2021
CVE-2020-12284	critical	9.8	4%	2020
CVE-2019-17542	critical	9.8	2%	2019
CVE-2019-17539	critical	9.8	2%	2019
CVE-2019-12730	critical	9.8	3%	2019
CVE-2018-1999010	critical	9.8	3%	2018
CVE-2017-16840	critical	9.8	3%	2017
CVE-2013-0870	critical	9.8	1%	2017
CVE-2012-2781	critical	9.8	2%	2017
CVE-2012-2780	critical	9.8	2%	2017
CVE-2012-2778	critical	9.8	2%	2017
CVE-2012-2773	critical	9.8	2%	2017
CVE-2012-2771	critical	9.8	2%	2017
CVE-2017-7866	critical	9.8	3%	2017
CVE-2017-7865	critical	9.8	3%	2017
CVE-2017-7863	critical	9.8	3%	2017
CVE-2017-7862	critical	9.8	3%	2017
CVE-2017-7859	critical	9.8	2%	2017
CVE-2016-10192	critical	9.8	6%	2017
CVE-2016-10191	critical	9.8	7%	2017
CVE-2016-10190	critical	9.8	8%	2017
CVE-2016-6164	critical	9.8	2%	2017
CVE-2024-35367	critical	9.1	1%	2024
CVE-2024-35366	critical	9.1	1%	2024
CVE-2022-2566	critical	9	1%	2022
CVE-2013-0864	high	10	3%	2013
CVE-2013-4265	high	10	2%	2013
CVE-2013-0873	high	10	3%	2013
CVE-2013-0872	high	10	3%	2013
CVE-2011-3937	high	10	2%	2013
CVE-2012-2804	high	10	3%	2012
CVE-2012-2803	high	10	3%	2012
CVE-2012-2802	high	10	3%	2012
CVE-2012-2801	high	10	3%	2012
CVE-2012-2800	high	10	3%	2012
CVE-2012-2799	high	10	2%	2012
CVE-2012-2798	high	10	3%	2012
CVE-2012-2797	high	10	3%	2012
CVE-2012-2796	high	10	3%	2012
CVE-2012-2795	high	10	3%	2012
CVE-2012-2794	high	10	3%	2012
CVE-2012-2793	high	10	3%	2012
CVE-2012-2792	high	10	3%	2012
CVE-2012-2791	high	10	3%	2012
CVE-2012-2790	high	10	3%	2012
CVE-2012-2789	high	10	3%	2012
CVE-2012-2788	high	10	3%	2012
CVE-2012-2787	high	10	3%	2012
CVE-2012-2786	high	10	3%	2012
CVE-2012-2785	high	10	3%	2012
CVE-2012-2784	high	10	3%	2012
CVE-2012-2783	high	10	3%	2012
CVE-2012-2782	high	10	3%	2012
CVE-2012-2779	high	10	3%	2012
CVE-2012-2777	high	10	3%	2012
CVE-2012-2776	high	10	3%	2012
CVE-2012-2775	high	10	3%	2012
CVE-2012-2772	high	10	3%	2012
CVE-2011-2162	high	10	2%	2011
CVE-2009-4637	high	10	17%	2010
CVE-2009-4634	high	10	7%	2010
CVE-2009-4633	high	10	8%	2010
CVE-2008-4869	high	10	2%	2008
CVE-2008-4868	high	10	2%	2008
CVE-2008-4867	high	10	2%	2008
CVE-2008-4866	high	10	5%	2008
CVE-2013-0859	high	9.3	2%	2013
CVE-2013-0858	high	9.3	3%	2013
CVE-2013-0857	high	9.3	4%	2013
CVE-2013-0856	high	9.3	2%	2013
CVE-2013-0855	high	9.3	3%	2013
CVE-2013-0854	high	9.3	3%	2013
CVE-2013-0853	high	9.3	2%	2013
CVE-2013-0852	high	9.3	2%	2013
CVE-2013-0851	high	9.3	2%	2013
CVE-2013-0850	high	9.3	2%	2013

401 older / lower-severity CVEs not shown — see FFmpeg's full record.

Is my FFmpeg version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your FFmpeg version → · Monitor FFmpeg for new CVEs →

FFmpeg vulnerabilities — frequently asked

How many known vulnerabilities does FFmpeg have?

IsItPatched tracks 481 CVEs for FFmpeg. 29 are critical-severity and 223 high-severity. These span every release line — what matters is whether the version you run is affected.

Does FFmpeg have any actively-exploited vulnerabilities?

None of FFmpeg's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe FFmpeg vulnerability?

Among tracked issues, CVE-2024-35368 (CRITICAL, CVSS 9.8) ranks highest — a Double free weakness.

Is FFmpeg safe to use?

It depends on the version. The latest supported FFmpeg release (8.1.1) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: FFmpeg security status · FFmpeg end-of-life · actively-exploited CVEs. Always verify against FFmpeg's advisories — see our disclaimer.