CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2024-31578 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2024-31578
17 Apr 2024 — FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. Se descubrió que la versión n6.1.1 de FFmpeg contenía un heap use-after-free a través de la función av_hwframe_ctx_init. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. • https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-31582 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2024-31582
17 Apr 2024 — FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. Se descubrió que la versión n6.1 de FFmpeg contenía una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en la función draw_block_rectangle de libavfilter/vf_codecview.c. Esta vulnerabilidad permite a los atacantes provocar un co... • https://gist.github.com/1047524396/b47d5efe3bc420fb91dbb77c73c0fff3 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49528 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2023-49528
12 Apr 2024 — Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. Vulnerabilidad de desbordamiento de búfer en FFmpeg versión n6.1-3-g466799d4f5, permite a un atacante local ejecutar código arbitrario y provocar una denegación de servicio (DoS) a través de af_dialoguenhance.c:261:5 en el componente de_stereo. Zeng Yunxiang and Song Jiaxuan discovered that FFmp... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22860
https://notcve.org/view.php?id=CVE-2024-22860
27 Jan 2024 — Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar código arbitrario a través del componente jpegxl_anim_read_packet en el decodificador de animación JPEG XL. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22861
https://notcve.org/view.php?id=CVE-2024-22861
27 Jan 2024 — Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a los atacantes provocar una denegación de servicio (DoS) a través del módulo avcodec/osq. • https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22862
https://notcve.org/view.php?id=CVE-2024-22862
27 Jan 2024 — Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar código arbitrario a través de JJPEG XL Parser. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62113 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47470
https://notcve.org/view.php?id=CVE-2023-47470
16 Nov 2023 — Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c Vulnerabilidad de desbordamiento del búfer en Ffmpeg anterior al commit de github 4565747056a11356210ed8edcecb920105e40b60 permite a un atacante remoto lograr una escritura fuera de matriz, ejecutar código arbitrario y provocar una... • https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46407
https://notcve.org/view.php?id=CVE-2023-46407
27 Oct 2023 — FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. Se descubrió que FFmpeg antes del commit bf814 contenía una lectura fuera de los límites a través de la variable dist->alphabet_size en la función read_vlc_prefix(). • https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28429 – Ubuntu Security Notice USN-6430-1
https://notcve.org/view.php?id=CVE-2021-28429
11 Aug 2023 — Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly managed memory... • https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c94875471e3ba3dc396c6919ff3ec9b14539cd71 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36138
https://notcve.org/view.php?id=CVE-2020-36138
11 Aug 2023 — An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). • https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca5de4ae87fff0d6a90d9fc97 • CWE-476: NULL Pointer Dereference •