CVE-2020-20451
https://notcve.org/view.php?id=CVE-2020-20451
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/8094 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2020-20446
https://notcve.org/view.php?id=CVE-2020-20446
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/7995 https://www.debian.org/security/2021/dsa-4990 https://www.debian.org/security/2021/dsa-4998 • CWE-369: Divide By Zero
CVE-2020-20445
https://notcve.org/view.php?id=CVE-2020-20445
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/7996 https://www.debian.org/security/2021/dsa-4990 https://www.debian.org/security/2021/dsa-4998 • CWE-369: Divide By Zero
CVE-2020-21041
https://notcve.org/view.php?id=CVE-2020-21041
A Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service. • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://trac.ffmpeg.org/ticket/7989 https://www.debian.org/security/2021/dsa-4990 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-23376 – Arbitrary Command Injection
https://notcve.org/view.php?id=CVE-2021-23376
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. • https://github.com/TRomesh/ffmpegdotjs/blob/b7395daf0bdcb81218340427eb7073cdd28462af/index.js%23L219 https://snyk.io/vuln/SNYK-JS-FFMPEGDOTJS-1078542 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')