CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 0CVE-2019-11338
https://notcve.org/view.php?id=CVE-2019-11338
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. libavcodec/hevcdec.c en FFmpeg versión 3.4 y versión 4.1.2 maneja de forma incorrecta la detección de los primeros cortes duplicados, lo que permite a los atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y acceso fuera de límites) o posiblemente tener otro impacto no especificado a través de datos HEVC diseñados. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html http://www.securityfocus.com/bid/108034 https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html https://seclists.org/bugtraq/2019/May/60 https://usn.ubuntu.com/3967-1 https://usn.ubuntu.com/4431-1 https://www.debian.org/security/2019/dsa-4449 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9718
https://notcve.org/view.php?id=CVE-2019-9718
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. En FFmpeg, versión 3.2 y 4.1, una denegación de servicio en el decodificador de subtítulos permite a los atacantes acaparar la CPU mediante un archivo de vídeo manipulado en formato Matroska, debido a que ff_htmlmarkup_to_ass en libavcodec/htmlsubtitles.c tiene un argumento de formato complejo en sscanf • http://www.securityfocus.com/bid/107382 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21 https://seclists.org/bugtraq/2019/May/60 https://usn.ubuntu.com/3967-1 https://www.debian.org/security/2019/dsa-4449 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9721
https://notcve.org/view.php?id=CVE-2019-9721
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. Una denegación de servicio en el decodificador de subtítulos en FFmpeg versión 3.2 y 4.1 permite a los atacantes acaparar la CPU a través de un archivo de vídeo elaborado en formato Matroska, porque handle_open_brace en libavcodec/htmlsubtitles.c tiene un argumento de formato complejo para sscanf • http://www.securityfocus.com/bid/107384 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774 https://usn.ubuntu.com/3967-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1000016
https://notcve.org/view.php?id=CVE-2019-1000016
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. FFMPEG 4.1 contiene una vulnerabilidad CWE-129: validación incorrecta del índice de arrays en libavcodec/cbs_av1.c que puede resultar en una denegación de servicio (DoS). Este ataque parece ser explotable mediante un archivo AV1 especialmente manipulado, que debe proporcionarse como entrada. • https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f • CWE-129: Improper Validation of Array Index •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup http://secunia.com/advisories/17892 http://secunia.com/advisories/18066 http://secunia.com/advisories/18087 http://secunia.com/advisories/18107 http://secunia.com/advisories/18400 http://secunia.com/advisories/18739 http://secunia.com/advisories/18746 http://secunia.com/advisories/19114 http://secunia.com/advisories/19192 http://secunia&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •