CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20446 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20446
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. FFmpeg versión 4.2 está afectado por un problema Divide By Zero por medio del archivo libavcodec/aacpsy.c, que permite a un usuario malicioso remoto causar una Denegación de Servicio Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/s... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20445 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20445
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. It was discovered that FFmpeg incorrectly handled certain input. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-21041 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-21041
24 May 2021 — Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service Una vulnerabilidad de Desbordamiento de Búfer se presenta en FFmpeg versión 4.1, por medio de la función apng_do_inverse_blend en la biblioteca libavcodec/pngenc.c, que podría permitir a un usuario malicioso remoto causar una Denegación de Servicio It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Codin... • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2021-30123 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2021-30123
07 Apr 2021 — FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. FFmpeg versiones anteriores a 4.3 incluyéndola, contiene una vulnerabilidad de desbordamiento de búfer en libavcodec por medio de un archivo diseñado que puede conducir a una ejecución de código remota Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. Versions less than 4.4 are affected. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2020-24995
https://notcve.org/view.php?id=CVE-2020-24995
30 Mar 2021 — Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). Una vulnerabilidad de desbordamiento del búfer en la función sniff_channel_order en el archivo aacdec_template.c en ffmpeg versión 3.1.2, permite a atacantes ejecutar código arbitrario (local). • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-35965 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35965
04 Jan 2021 — decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. La función decode_frame en la biblioteca libavcodec/exr.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido a errores en los cálculos de cuándo realiza operaciones memset zero. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to ca... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35964 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35964
03 Jan 2021 — track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. La función track_header en la biblioteca libavformat/vividas.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido al empaquetado extradata incorrecto. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. Versions less than 4.4 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14212 – Gentoo Linux Security Advisory 202007-58
https://notcve.org/view.php?id=CVE-2020-14212
16 Jun 2020 — FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. FFmpeg versiones hasta 4.3, presentan un desbordamiento de búfer en la región heap de la memoria en la función avio_get_str en la biblioteca libavformat/aviobuf.c porque el archivo dnn_backend_native.c llama a ff_dnn_load_model_native y se omite una determinada comprobación de índice Multiple vulnerabilities have been f... • https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-13904 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-13904
07 Jun 2020 — FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es accedido en la fun... • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 1CVE-2020-12284 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-12284
28 Apr 2020 — cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. En la función cbs_jpeg_split_fragment en el archivo libavcodec/cbs_jpeg.c en FFmpeg versión 4.1 y versión 4.2.2, presenta un desbordamiento del búfer en la región heap de la memoria durante el manejo de JPEG_MARKER_SOS debido a una falta de comprobación de longitud It was discovered that FFmpeg incorrectly verified empty audio packets or... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 • CWE-787: Out-of-bounds Write •