Page 24 of 427 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. Una denegación de servicio en el decodificador de subtítulos en FFmpeg versión 3.2 y 4.1 permite a los atacantes acaparar la CPU a través de un archivo de vídeo elaborado en formato Matroska, porque handle_open_brace en libavcodec/htmlsubtitles.c tiene un argumento de formato complejo para sscanf • http://www.securityfocus.com/bid/107384 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774 https://usn.ubuntu.com/3967-1 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. FFMPEG 4.1 contiene una vulnerabilidad CWE-129: validación incorrecta del índice de arrays en libavcodec/cbs_av1.c que puede resultar en una denegación de servicio (DoS). Este ataque parece ser explotable mediante un archivo AV1 especialmente manipulado, que debe proporcionarse como entrada. • https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f • CWE-129: Improper Validation of Array Index •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. La función flv_write_packet en libavformat/flvenc.c en FFmpeg hasta la versión 2.8 no comprueba si hay un paquete de audio vacío, lo que conduce a un fallo de aserción • https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 https://github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92 https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html https://seclists.org/bugtraq/2019/May/60 https://usn.ubuntu.com/3967-1 https://usn.ubuntu.com/4431-1 https://www.debian.org/security/2019/dsa-4449 • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. FFmpeg antes del commit con ID 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contiene una vulnerabilidad de lectura fuera de array en el demuxer de formato ASF_F que puede resultar en la lecturade la memoria dinámica (heap). Este ataque parece ser explotable mediante un archivo ASF especialmente manipulado que debe proporcionarse como entrada. • http://www.securityfocus.com/bid/104896 https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. FFmpeg antes del commit con ID cced03dd667a5df6df8fd40d8de0bff477ee02e8 contiene múltiples vulnerabilidades de acceso fuera de array en el protocolo mms que puede resultar en que los atacantes accedan a datos fuera de límites. Este ataque parece ser explotable mediante conectividad de red. • http://www.securityfocus.com/bid/104896 https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e8 https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html • CWE-125: Out-of-bounds Read •