Page 3 of 429 results (0.007 seconds)

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 https://security.gentoo.org/glsa/202312-14 https://vuldb.com/?id.213543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd https://security.gentoo.org/glsa/202312-14 https://vuldb.com/?id.213544 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 Existe una escritura de memoria fuera de los límites del montón en FFMPEG desde la versión 5.1. • https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. Esto afecta a todas las versiones del paquete ffmpeg-sdk. El punto de inyección es encontrado en la línea 9 del archivo index.js • https://security.snyk.io/vuln/SNYK-JS-FFMPEGSDK-1050429 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db https://vuldb.com/?id.12303 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •