CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-35965 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35965
04 Jan 2021 — decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. La función decode_frame en la biblioteca libavcodec/exr.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido a errores en los cálculos de cuándo realiza operaciones memset zero. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to ca... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35964 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35964
03 Jan 2021 — track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. La función track_header en la biblioteca libavformat/vividas.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido al empaquetado extradata incorrecto. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. Versions less than 4.4 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •