CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2020-20451
https://notcve.org/view.php?id=CVE-2020-20451
25 May 2021 — Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. Un Problema de Denegación de Servicio en FFmpeg versión 4.2, debido a errores de administración de recursos por medio del archivo fftools/cmdutils.c • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-20450 – Ubuntu Security Notice USN-5472-1
https://notcve.org/view.php?id=CVE-2020-20450
25 May 2021 — FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. FFmpeg versión 4.2 está afectado por la desreferencia del puntero null pasado como argumento al archivo libavformat/aviobuf.c, lo que podría causar una Denegación de Servicio It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only a... • https://trac.ffmpeg.org/ticket/7993 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20446 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20446
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. FFmpeg versión 4.2 está afectado por un problema Divide By Zero por medio del archivo libavcodec/aacpsy.c, que permite a un usuario malicioso remoto causar una Denegación de Servicio Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/s... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20445 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20445
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. It was discovered that FFmpeg incorrectly handled certain input. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-13904 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-13904
07 Jun 2020 — FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es accedido en la fun... • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 1CVE-2020-12284 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-12284
28 Apr 2020 — cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. En la función cbs_jpeg_split_fragment en el archivo libavcodec/cbs_jpeg.c en FFmpeg versión 4.1 y versión 4.2.2, presenta un desbordamiento del búfer en la región heap de la memoria durante el manejo de JPEG_MARKER_SOS debido a una falta de comprobación de longitud It was discovered that FFmpeg incorrectly verified empty audio packets or... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15942 – Gentoo Linux Security Advisory 202007-58
https://notcve.org/view.php?id=CVE-2019-15942
05 Sep 2019 — FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. FFmpeg hasta la versión 4.2 tiene un problema de "Conditional jump or move depends on uninitialised value" en h2645_parse porque alloc_rbsp_buffer en libavcodec/h2645_parse.c gestiona de manera incorrecta rbsp_buffer. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution o... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-252: Unchecked Return Value •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2005-4048
https://notcve.org/view.php?id=CVE-2005-4048
07 Dec 2005 — Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •