CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1475
https://notcve.org/view.php?id=CVE-2022-1475
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. Se ha encontrado una vulnerabilidad de desbordamiento de enteros en las versiones de FFmpeg anteriores a la 4.4.2 y anteriores a la 5.0.1 en g729_parse() en llibavcodec/g729_parser.c al procesar un archivo especialmente diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=2076764 https://security.gentoo.org/glsa/202312-14 https://trac.ffmpeg.org/ticket/9651 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 49%CPEs: 9EXPL: 0CVE-2009-0385
https://notcve.org/view.php?id=CVE-2009-0385
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Error de presencia de signo en entero en la función fourxm_read_header en libavformat/4xm.c en FFmpeg versiones anteriores a revision 16846 permite a atacantes remotos ejecutar código de su elección a través de un fichero de vídeo 4X malformado con un valor largo current_track, lo cual dispara un puntero de referencia NULL. • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 http://osvdb.org/51643 http://secunia.com/advisories/33711 http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://secunia.com/advisories/34712 http://secunia.com/advisories/34845 http://secunia.com/advisories/34905 http://security.gentoo.org/glsa/glsa-200903-33.xml http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846 http://svn.mplaye •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •