CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 0CVE-2019-11338 – Debian Security Advisory 4449-1
https://notcve.org/view.php?id=CVE-2019-11338
18 Apr 2019 — libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. libavcodec/hevcdec.c en FFmpeg versión 3.4 y versión 4.1.2 maneja de forma incorrecta la detección de los primeros cortes duplicados, lo que permite a los atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y acce... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-9718 – Debian Security Advisory 4449-1
https://notcve.org/view.php?id=CVE-2019-9718
12 Mar 2019 — In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. En FFmpeg, versión 3.2 y 4.1, una denegación de servicio en el decodificador de subtítulos permite a los atacantes acaparar la CPU mediante un archivo de vídeo manipulado en formato Matroska, debido a que ff_htmlmarkup_to_ass en libavcodec/htmlsubtitles.c tiene un arg... • http://www.securityfocus.com/bid/107382 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9721 – Ubuntu Security Notice USN-3967-1
https://notcve.org/view.php?id=CVE-2019-9721
12 Mar 2019 — A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. Una denegación de servicio en el decodificador de subtítulos en FFmpeg versión 3.2 y 4.1 permite a los atacantes acaparar la CPU a través de un archivo de vídeo elaborado en formato Matroska, porque handle_open_brace en libavcodec/htmlsubtitles.c tiene un argumento de for... • http://www.securityfocus.com/bid/107384 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1000016
https://notcve.org/view.php?id=CVE-2019-1000016
04 Feb 2019 — FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. FFMPEG 4.1 contiene una vulnerabilidad CWE-129: validación incorrecta del índice de arrays en libavcodec/cbs_av1.c que puede resultar en una denegación de servi... • https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •