CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48434 – Ubuntu Security Notice USN-6449-2
https://notcve.org/view.php?id=CVE-2022-48434
29 Mar 2023 — libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue on... • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3341 – Ubuntu Security Notice USN-5958-1
https://notcve.org/view.php?id=CVE-2022-3341
12 Jan 2023 — A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubunt... • https://bugzilla.redhat.com/show_bug.cgi?id=2157054 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3109
https://notcve.org/view.php?id=CVE-2022-3109
16 Dec 2022 — An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. Se descubrió un problema en el paquete FFmpeg, donde vp3_decode_frame en libavcodec/vp3.c carece de verificación del valor de retorno de av_malloc() y provocará una desreferencia del puntero nulo, lo que afectará la disponibilidad. • https://bugzilla.redhat.com/show_bug.cgi?id=2153551 • CWE-476: NULL Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3964 – ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3964
13 Nov 2022 — A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3965 – ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3965
13 Nov 2022 — A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2566 – Heap-memory write in FFMPEG
https://notcve.org/view.php?id=CVE-2022-2566
23 Sep 2022 — A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 Existe una escritura de memoria fuera de los límite... • https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28435 – Command Injection
https://notcve.org/view.php?id=CVE-2020-28435
25 Jul 2022 — This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. Esto afecta a todas las versiones del paquete ffmpeg-sdk. El punto de inyección es encontrado en la línea 9 del archivo index.js • https://security.snyk.io/vuln/SNYK-JS-FFMPEGSDK-1050429 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125025 – FFmpeg decode_pulses memory corruption
https://notcve.org/view.php?id=CVE-2014-125025
19 Jun 2022 — A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e42ccb9db • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125024 – FFmpeg lag_decode_frame memory corruption
https://notcve.org/view.php?id=CVE-2014-125024
19 Jun 2022 — A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=4c3e1956ee • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125023 – FFmpeg Truemotion1 truemotion1_decode_header memory corruption
https://notcve.org/view.php?id=CVE-2014-125023
19 Jun 2022 — A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=2240e2078d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •