CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38171 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38171
21 Aug 2021 — adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. La función adts_decode_extradata en el archivo libavformat/adtsenc.c en Ffmpeg versión 4.4, no comprueba el valor de retorno de init_get_bits, que es un paso necesario porque el segundo argumento de init_get_bits puede ser diseñado. It was discovered that FFmpeg would attempt to divide by zero when using Linear Pred... • https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38291 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38291
12 Aug 2021 — FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. Una versión de FFmpeg (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) sufre un fallo de aserción en el archivo src/libavutil/mathematics.c It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ub... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38114 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2021-38114
04 Aug 2021 — libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. El archivo libavcodec/dnxhddec.c en FFmpeg versión 4.4 no comprueba el valor de retorno de la función init_vlc, un problema similar a CVE-2013-0868 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 • CWE-252: Unchecked Return Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33815 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-33815
03 Jun 2021 — dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. Una función dwa_uncompress en el archivo libavcodec/exr.c en FFmpeg versión 4.4, permite un acceso a una matriz fuera de límites porque la función dc_count no es estrictamente comprobada Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected. • https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2021-30123 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2021-30123
07 Apr 2021 — FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. FFmpeg versiones anteriores a 4.3 incluyéndola, contiene una vulnerabilidad de desbordamiento de búfer en libavcodec por medio de un archivo diseñado que puede conducir a una ejecución de código remota Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. Versions less than 4.4 are affected. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •