CVE-2021-3566
https://notcve.org/view.php?id=CVE-2021-3566
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). Anterior a versión 4.3 de ffmpeg, el demuxer tty no tenía una función "read_probe" asignada. Si se diseña un archivo "ffconcat" legítimo que haga referencia a una imagen, seguido de un archivo que desencadenar el demuxer tty, el contenido del segundo archivo se copiará en el archivo de salida literalmente (siempre que se pase la opción "vcodec copy" a ffmpeg) • https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532#diff-74f6b92a0541378ad15de9c29c0a2b0c69881ad9ffc71abe568b88b535e00a7f https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-24020
https://notcve.org/view.php?id=CVE-2020-24020
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. Una vulnerabilidad de Desbordamiento del Búfer en FFMpeg versión 4.2.3 en la función dnn_execute_layer_pad del archivo libavfilter/dnn/dnn_backend_native_layer_pad.c debido a una llamada a memcpy sin comprobaciones de longitud, lo que podría permitir a un usuario malicioso remoto ejecutar código arbitrario • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb https://trac.ffmpeg.org/ticket/8718 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-13904
https://notcve.org/view.php?id=CVE-2020-13904
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es accedido en la función av_probe_input_format3 en la biblioteca libavformat/format.c • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org https://security.gentoo.org/glsa/202007-58 https://trac.ffmpeg.org/ticket/8673 https://usn.ubuntu.com/4431-1 https://www.debian.org/security/2020/dsa-4722 • CWE-416: Use After Free •
CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •