CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20896
https://notcve.org/view.php?id=CVE-2020-20896
20 Sep 2021 — An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. Se ha detectado un problema en la función latm_write_packet en el archivo libavformat/latmenc.c en Ffmpeg versión 4.2.1, que permite a atacantes causar una Denegación de Servicio u otros impactos no especificados debido a una desreferencia de puntero Null • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20892
https://notcve.org/view.php?id=CVE-2020-20892
20 Sep 2021 — An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. Se ha detectado un problema en la función filter_frame en el archivo libavfilter/vf_lenscorrection.c en Ffmpeg versión 4.2.1, que permite a atacantes causar una Denegación de Servicio u otros impactos no especificados debido a una división por cero • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20891
https://notcve.org/view.php?id=CVE-2020-20891
20 Sep 2021 — Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Una vulnerabilidad de desbordamiento del búfer en la función config_input en el archivo libavfilter/vf_gblur.c en Ffmpeg versión 4.2.1, permite a atacantes causar una Denegación de Servicio u otros impactos no especificados • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38171 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38171
21 Aug 2021 — adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. La función adts_decode_extradata en el archivo libavformat/adtsenc.c en Ffmpeg versión 4.4, no comprueba el valor de retorno de init_get_bits, que es un paso necesario porque el segundo argumento de init_get_bits puede ser diseñado. It was discovered that FFmpeg would attempt to divide by zero when using Linear Pred... • https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38291 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38291
12 Aug 2021 — FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. Una versión de FFmpeg (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) sufre un fallo de aserción en el archivo src/libavutil/mathematics.c It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ub... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-21688 – Ubuntu Security Notice USN-5472-1
https://notcve.org/view.php?id=CVE-2020-21688
10 Aug 2021 — A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. Un uso de memoria previamente liberada de la pila en la función av_freep en el archivo libavutil/mem.c de FFmpeg versión 4.2, permite a atacantes ejecutar código arbitrario It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubunt... • https://trac.ffmpeg.org/ticket/8186 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-21697 – Ubuntu Security Notice USN-5472-1
https://notcve.org/view.php?id=CVE-2020-21697
10 Aug 2021 — A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. Un uso de la memoria previamente liberada de la pila en la función mpeg_mux_write_packet en el archivo libavformat/mpegenc.c de FFmpeg 4.2, permite causar una denegación de servicio (DOS) por medio de un archivo avi diseñado It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attack... • https://trac.ffmpeg.org/ticket/8188 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3566
https://notcve.org/view.php?id=CVE-2021-3566
05 Aug 2021 — Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). Anterior a versión 4.3 de ffmpeg, el demuxer tty no tenía una función "read_probe" asignada. Si se diseña un archivo "ffconcat" legítimo que haga referencia a un... • https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532#diff-74f6b92a0541378ad15de9c29c0a2b0c69881ad9ffc71abe568b88b535e00a7f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38114 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2021-38114
04 Aug 2021 — libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. El archivo libavcodec/dnxhddec.c en FFmpeg versión 4.4 no comprueba el valor de retorno de la función init_vlc, un problema similar a CVE-2013-0868 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 • CWE-252: Unchecked Return Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33815 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-33815
03 Jun 2021 — dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. Una función dwa_uncompress en el archivo libavcodec/exr.c en FFmpeg versión 4.4, permite un acceso a una matriz fuera de límites porque la función dc_count no es estrictamente comprobada Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected. • https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 • CWE-129: Improper Validation of Array Index •