CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-20448
https://notcve.org/view.php?id=CVE-2020-20448
25 May 2021 — FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. FFmpeg versión 4.1.3 está afectado por un problema Divide By Zero por medio del archivo libavcodec/ratecontrol.c, que permite a un usuario malicioso remoto causar una Denegación de Servicio • https://trac.ffmpeg.org/ticket/7990 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-13904 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-13904
07 Jun 2020 — FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es accedido en la fun... • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 1CVE-2020-12284 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-12284
28 Apr 2020 — cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. En la función cbs_jpeg_split_fragment en el archivo libavcodec/cbs_jpeg.c en FFmpeg versión 4.1 y versión 4.2.2, presenta un desbordamiento del búfer en la región heap de la memoria durante el manejo de JPEG_MARKER_SOS debido a una falta de comprobación de longitud It was discovered that FFmpeg incorrectly verified empty audio packets or... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-17539 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2019-17539
14 Oct 2019 — In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. En FFmpeg versiones anteriores a 4.2, la función avcodec_open2 en el archivo libavcodec/utils.c permite una desreferencia del puntero NULL y posiblemente otro impacto no especificado cuando no existe un puntero de función de cierre válido. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacke... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-17542 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2019-17542
14 Oct 2019 — FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. FFmpeg versiones anteriores a 4.2, presenta un desbordamiento de búfer en la región heap de la memoria en la función vqa_decode_chunk debido a un acceso fuera de la matriz en la función vqa_decode_init en el archivo libavcodec/vqavideo.c. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this is... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15942 – Gentoo Linux Security Advisory 202007-58
https://notcve.org/view.php?id=CVE-2019-15942
05 Sep 2019 — FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. FFmpeg hasta la versión 4.2 tiene un problema de "Conditional jump or move depends on uninitialised value" en h2645_parse porque alloc_rbsp_buffer en libavcodec/h2645_parse.c gestiona de manera incorrecta rbsp_buffer. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution o... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-252: Unchecked Return Value •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13390 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2019-13390
07 Jul 2019 — In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. En FFmpeg versión 4.1.3, hay una división por cero en adx_write_trailer en libavformat/rawenc.c. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. • http://www.securityfocus.com/bid/109090 • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13312 – Gentoo Linux Security Advisory 202007-58
https://notcve.org/view.php?id=CVE-2019-13312
05 Jul 2019 — block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. block_cmp() in libavcodec/zmbvenc.c en FFmpeg versión 4.1.3 tiene una sobrelectura de búfer basada en memoria dinámica (heap) It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. • https://security.gentoo.org/glsa/202003-65 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •