NotCVE - vendor:"Ffmpeg" product:"Ffmpeg" version:" >= 4.1

Page 2 of 25 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-20448

https://notcve.org/view.php?id=CVE-2020-20448

25 May 2021 — FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. FFmpeg versión 4.1.3 está afectado por un problema Divide By Zero por medio del archivo libavcodec/ratecontrol.c, que permite a un usuario malicioso remoto causar una Denegación de Servicio • https://trac.ffmpeg.org/ticket/7990 • CWE-369: Divide By Zero •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-21041 – Debian Security Advisory 4990-1

https://notcve.org/view.php?id=CVE-2020-21041

24 May 2021 — Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service Una vulnerabilidad de Desbordamiento de Búfer se presenta en FFmpeg versión 4.1, por medio de la función apng_do_inverse_blend en la biblioteca libavcodec/pngenc.c, que podría permitir a un usuario malicioso remoto causar una Denegación de Servicio It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Codin... • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2020-13904 – Debian Security Advisory 4722-1

https://notcve.org/view.php?id=CVE-2020-13904

07 Jun 2020 — FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es accedido en la fun... • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 • CWE-416: Use After Free •

CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 1

CVE-2020-12284 – Debian Security Advisory 4722-1

https://notcve.org/view.php?id=CVE-2020-12284

28 Apr 2020 — cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. En la función cbs_jpeg_split_fragment en el archivo libavcodec/cbs_jpeg.c en FFmpeg versión 4.1 y versión 4.2.2, presenta un desbordamiento del búfer en la región heap de la memoria durante el manejo de JPEG_MARKER_SOS debido a una falta de comprobación de longitud It was discovered that FFmpeg incorrectly verified empty audio packets or... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-17539 – Debian Security Advisory 4722-1

https://notcve.org/view.php?id=CVE-2019-17539

14 Oct 2019 — In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. En FFmpeg versiones anteriores a 4.2, la función avcodec_open2 en el archivo libavcodec/utils.c permite una desreferencia del puntero NULL y posiblemente otro impacto no especificado cuando no existe un puntero de función de cierre válido. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacke... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2019-17542 – Debian Security Advisory 4722-1

https://notcve.org/view.php?id=CVE-2019-17542

14 Oct 2019 — FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. FFmpeg versiones anteriores a 4.2, presenta un desbordamiento de búfer en la región heap de la memoria en la función vqa_decode_chunk debido a un acceso fuera de la matriz en la función vqa_decode_init en el archivo libavcodec/vqavideo.c. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this is... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-15942 – Gentoo Linux Security Advisory 202007-58

https://notcve.org/view.php?id=CVE-2019-15942

05 Sep 2019 — FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. FFmpeg hasta la versión 4.2 tiene un problema de "Conditional jump or move depends on uninitialised value" en h2645_parse porque alloc_rbsp_buffer en libavcodec/h2645_parse.c gestiona de manera incorrecta rbsp_buffer. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution o... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-252: Unchecked Return Value •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-13390 – Debian Security Advisory 4722-1

https://notcve.org/view.php?id=CVE-2019-13390

07 Jul 2019 — In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. En FFmpeg versión 4.1.3, hay una división por cero en adx_write_trailer en libavformat/rawenc.c. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. • http://www.securityfocus.com/bid/109090 • CWE-369: Divide By Zero •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-13312 – Gentoo Linux Security Advisory 202007-58

https://notcve.org/view.php?id=CVE-2019-13312

05 Jul 2019 — block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. block_cmp() in libavcodec/zmbvenc.c en FFmpeg versión 4.1.3 tiene una sobrelectura de búfer basada en memoria dinámica (heap) It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. • https://security.gentoo.org/glsa/202003-65 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-11339

https://notcve.org/view.php?id=CVE-2019-11339

18 Apr 2019 — The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. Studio profile decoder en libavcodec/mpeg4videodec.c en FFmpeg versiones 4.0 anteriores a 4.0.4 y 4.1 anteriores a 4.1.2 permite a los atacantes remotos causar una denegación de servicio (out-of-array access) o posiblemente tener otro impacto no especificado ... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-125: Out-of-bounds Read •

1 2 3