CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38171 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38171
21 Aug 2021 — adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. La función adts_decode_extradata en el archivo libavformat/adtsenc.c en Ffmpeg versión 4.4, no comprueba el valor de retorno de init_get_bits, que es un paso necesario porque el segundo argumento de init_get_bits puede ser diseñado. It was discovered that FFmpeg would attempt to divide by zero when using Linear Pred... • https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38291 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38291
12 Aug 2021 — FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. Una versión de FFmpeg (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) sufre un fallo de aserción en el archivo src/libavutil/mathematics.c It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ub... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38114 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2021-38114
04 Aug 2021 — libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. El archivo libavcodec/dnxhddec.c en FFmpeg versión 4.4 no comprueba el valor de retorno de la función init_vlc, un problema similar a CVE-2013-0868 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 • CWE-252: Unchecked Return Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33815 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-33815
03 Jun 2021 — dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. Una función dwa_uncompress en el archivo libavcodec/exr.c en FFmpeg versión 4.4, permite un acceso a una matriz fuera de límites porque la función dc_count no es estrictamente comprobada Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected. • https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2021-30123 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2021-30123
07 Apr 2021 — FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. FFmpeg versiones anteriores a 4.3 incluyéndola, contiene una vulnerabilidad de desbordamiento de búfer en libavcodec por medio de un archivo diseñado que puede conducir a una ejecución de código remota Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. Versions less than 4.4 are affected. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-35965 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35965
04 Jan 2021 — decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. La función decode_frame en la biblioteca libavcodec/exr.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido a errores en los cálculos de cuándo realiza operaciones memset zero. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to ca... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •