CVE-2022-3964 – ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3964
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 https://security.gentoo.org/glsa/202312-14 https://vuldb.com/?id.213543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2022-3965 – ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3965
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd https://security.gentoo.org/glsa/202312-14 https://vuldb.com/?id.213544 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2022-2566 – Heap-memory write in FFMPEG
https://notcve.org/view.php?id=CVE-2022-2566
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 Existe una escritura de memoria fuera de los límites del montón en FFMPEG desde la versión 5.1. • https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2020-28435 – Command Injection
https://notcve.org/view.php?id=CVE-2020-28435
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. Esto afecta a todas las versiones del paquete ffmpeg-sdk. El punto de inyección es encontrado en la línea 9 del archivo index.js • https://security.snyk.io/vuln/SNYK-JS-FFMPEGSDK-1050429 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2014-125025 – FFmpeg decode_pulses memory corruption
https://notcve.org/view.php?id=CVE-2014-125025
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db https://vuldb.com/?id.12303 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •