CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-35965 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35965
04 Jan 2021 — decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. La función decode_frame en la biblioteca libavcodec/exr.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido a errores en los cálculos de cuándo realiza operaciones memset zero. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. ... It was discovered that... • https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35964 – Gentoo Linux Security Advisory 202105-24
https://notcve.org/view.php?id=CVE-2020-35964
03 Jan 2021 — track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. La función track_header en la biblioteca libavformat/vividas.c en FFmpeg versión 4.3.1, presenta una escritura fuera de límites debido al empaquetado extradata incorrecto. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. • https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-13904 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-13904
07 Jun 2020 — FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. FFmpeg versión 2.8 y versión 4.2.3, presenta un uso de la memoria previamente liberada por medio de una duración EXTINF diseñada en un archivo m3u8 porque la función parse_playlist en la biblioteca libavformat/hls.c libera un puntero, y luego este puntero es acce... • https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 1CVE-2020-12284 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2020-12284
28 Apr 2020 — cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. En la función cbs_jpeg_split_fragment en el archivo libavcodec/cbs_jpeg.c en FFmpeg versión 4.1 y versión 4.2.2, presenta un desbordamiento del búfer en la región heap de la memoria durante el manejo de JPEG_MARKER_SOS debido a una falta de comprobación de longitud It was discovered that FFmpeg incorrectly verified e... • https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726 • CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18214
https://notcve.org/view.php?id=CVE-2019-18214
19 Oct 2019 — The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. ... La aplicación Video_Converter versión 0.1.0 para Nextcloud, permite la denegación de servicio (consumo de CPU y memoria) por medio de múltiples conversiones simultáneas porque muchos procesos FFmpeg pueden ser ejecutados al mismo tiempo. • https://github.com/PaulLereverend/NextcloudVideo_Converter/issues/22 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15942 – Gentoo Linux Security Advisory 202007-58
https://notcve.org/view.php?id=CVE-2019-15942
05 Sep 2019 — FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. FFmpeg hasta la versión 4.2 tiene un problema de "Conditional jump or move depends on uninitialised value" en h2645_parse porque alloc_rbsp_buffer en libavcodec/h2645_parse.c gestiona de manera incorrecta rbsp_buffer. Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the ... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-252: Unchecked Return Value •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13390 – Debian Security Advisory 4722-1
https://notcve.org/view.php?id=CVE-2019-13390
07 Jul 2019 — In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. En FFmpeg versión 4.1.3, hay una división por cero en adx_write_trailer en libavformat/rawenc.c. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. • http://www.securityfocus.com/bid/109090 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-1000460
https://notcve.org/view.php?id=CVE-2017-1000460
03 Jan 2018 — In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. En la línea libavcodec/h264dec.c:500 en libav (v13_dev0), ffmpeg (n3.4) y chromium (56 anterior al 13 de febrero de 2017), el valor de retorno de init_get_bits se ignora y se llama a get_ue_golomb (gb) en un contexto get_bits no inicializado. • https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14795
https://notcve.org/view.php?id=CVE-2017-14795
27 Sep 2017 — The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. La función hevc_write_frame en libbpg.c en libbpg 0.9.7 permite que los atacantes remotos causen una denegación de servicio (lect... • https://github.com/leonzhao7/vulnerability/blob/master/An%20Out-of-Bounds%20Read%20%28DoS%29%20Vulnerability%20in%20hevc.c%20of%20libbpg.md • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14796
https://notcve.org/view.php?id=CVE-2017-14796
27 Sep 2017 — The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. La función hevc_write_frame en libbpg.c en libbpg 0.9.7 permite que los atacantes remotos causen una denegación de servicio (... • https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md • CWE-191: Integer Underflow (Wrap or Wraparound) •