
CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

08 Aug 2024 — A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. ... Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://ffmpeg.org • CWE-122: Heap-based Buffer Overflow

CVSS: 7.5 • EPSS: 0% • CPEs: 12 • EXPL: 1

06 Aug 2024 — A vulnerability was found in FFmpeg up to 7.0.1. ... Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://ffmpeg.org • CWE-122: Heap-based Buffer Overflow

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Apr 2024 — The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. • https://github.com/Instructor-Team8/CVE-2024-20291-POC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jan 2024 — An issue was discovered in Jave2 version 3.3.1 that allows attackers to execute arbitrary code via the FFmpeg function. • https://gist.github.com/Dollhouse-18/288b4774bc296722c9e3c60bafa392bf

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

13 Dec 2023 — Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can set up a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13. • https://github.com/jellyfin/jellyfin/commit/83d2c69516471e2db72d9273c6a04247d0f37c86 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Dec 2023 — Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can’t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. • https://ffmpeg.org/ffmpeg-filters.html#drawtext-1 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 4 • EXPL: 1

28 Jul 2023 — Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jul 2023 — FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.... • https://github.com/bramp/ffmpeg-cli-wrapper/blob/master/src/main/java/net/bramp/ffmpeg/FFmpeg.java • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Mar 2023 — libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. ... It was discovered that FFmpeg incorrectly handled certain input files, leading to ... • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Jul 2022 — This affects all versions of package ffmpeg-sdk. • https://security.snyk.io/vuln/SNYK-JS-FFMPEGSDK-1050429 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')