CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 0CVE-2019-11338 – Debian Security Advisory 4449-1
https://notcve.org/view.php?id=CVE-2019-11338
18 Apr 2019 — libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. libavcodec/hevcdec.c en FFmpeg versión 3.4 y versión 4.1.2 maneja de forma incorrecta la detección de los primeros cortes duplicados, lo que permite a los atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y acce... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-9718 – Debian Security Advisory 4449-1
https://notcve.org/view.php?id=CVE-2019-9718
12 Mar 2019 — In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. En FFmpeg, versión 3.2 y 4.1, una denegación de servicio en el decodificador de subtítulos permite a los atacantes acaparar la CPU mediante un archivo de vídeo manipulado en formato Matroska, debido a que ff_htmlmarkup_to_ass en libavcodec/htmlsubtitles.c tiene un arg... • http://www.securityfocus.com/bid/107382 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9721 – Ubuntu Security Notice USN-3967-1
https://notcve.org/view.php?id=CVE-2019-9721
12 Mar 2019 — A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. Una denegación de servicio en el decodificador de subtítulos en FFmpeg versión 3.2 y 4.1 permite a los atacantes acaparar la CPU a través de un archivo de vídeo elaborado en formato Matroska, porque handle_open_brace en libavcodec/htmlsubtitles.c tiene un argumento de for... • http://www.securityfocus.com/bid/107384 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-15822 – Ubuntu Security Notice USN-3967-1
https://notcve.org/view.php?id=CVE-2018-15822
23 Aug 2018 — The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. La función flv_write_packet en libavformat/flvenc.c en FFmpeg hasta la versión 2.8 no comprueba si hay un paquete de audio vacío, lo que conduce a un fallo de aserción It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only a... • https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999010
https://notcve.org/view.php?id=CVE-2018-1999010
23 Jul 2018 — FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. FFmpeg antes del commit con ID cced03dd667a5df6df8fd40d8de0bff477ee02e8 contiene múltiples vulnerabilidades de acceso fuera de array en el protocolo mms q... • http://www.securityfocus.com/bid/104896 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 0CVE-2018-1999011 – Debian Security Advisory 4449-1
https://notcve.org/view.php?id=CVE-2018-1999011
23 Jul 2018 — FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. FFmpeg antes del commit con ID 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contiene una vuln... • http://www.securityfocus.com/bid/104896 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999012
https://notcve.org/view.php?id=CVE-2018-1999012
23 Jul 2018 — FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. FFmpeg antes del commit con ID 9807d3976be0e92e4ece3b4b1701be894cd... • http://www.securityfocus.com/bid/104896 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999013
https://notcve.org/view.php?id=CVE-2018-1999013
23 Jul 2018 — FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. FFmpeg antes del commit con ID a7e032a277452366771951e29fd0bf2bd5c029f0 contiene una vulnerabilidad de uso de memoria ... • http://www.securityfocus.com/bid/104896 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999014
https://notcve.org/view.php?id=CVE-2018-1999014
23 Jul 2018 — FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. FFmpeg antes del commit con ID bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contiene una vulnerabilidad de acceso fuera de array en el demuxer de formato MXF ... • http://www.securityfocus.com/bid/104896 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999015
https://notcve.org/view.php?id=CVE-2018-1999015
23 Jul 2018 — FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. FFmpeg antes del commit con ID 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contiene una vulnerabilidad de lectura fuera de array en el demuxer de... • http://www.securityfocus.com/bid/104896 • CWE-125: Out-of-bounds Read •