rpm package
opensuse/ffmpeg&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/ffmpeg&distro=openSUSE%20Leap%2015.3
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-38094 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2021-38093 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2021-38092 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2020-20902 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | ||
| CVE-2020-20896 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | ||
| CVE-2020-20892 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. | ||
| CVE-2020-20891 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Sep 20, 2021 | Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2021-38171 | — | < 3.4.2-11.11.1 | 3.4.2-11.11.1 | Aug 21, 2021 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | ||
| CVE-2020-21688 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Aug 10, 2021 | A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | ||
| CVE-2020-21697 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Aug 10, 2021 | A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. | ||
| CVE-2021-3566 | — | < 3.4.2-11.17.1 | 3.4.2-11.17.1 | Aug 5, 2021 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output fil | ||
| CVE-2021-38114 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Aug 4, 2021 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. | ||
| CVE-2020-22054 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. | ||
| CVE-2020-22049 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | ||
| CVE-2020-22048 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. | ||
| CVE-2020-22046 | — | < 3.4.2-11.8.2 | 3.4.2-11.8.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. | ||
| CVE-2020-22044 | — | < 3.4.2-11.3.1 | 3.4.2-11.3.1 | Jun 1, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. | ||
| CVE-2020-22043 | — | < 3.4.2-11.3.1 | 3.4.2-11.3.1 | Jun 1, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | ||
| CVE-2020-22042 | — | < 3.4.2-11.14.1 | 3.4.2-11.14.1 | Jun 1, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. | ||
| CVE-2020-22039 | — | < 3.4.2-11.3.1 | 3.4.2-11.3.1 | Jun 1, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. |
- CVE-2021-38094Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38093Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38092Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2020-20902Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
- CVE-2020-20896Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
- CVE-2020-20892Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
- CVE-2020-20891Sep 20, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38171Aug 21, 2021affected < 3.4.2-11.11.1fixed 3.4.2-11.11.1
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
- CVE-2020-21688Aug 10, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
- CVE-2020-21697Aug 10, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
- CVE-2021-3566Aug 5, 2021affected < 3.4.2-11.17.1fixed 3.4.2-11.17.1
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output fil
- CVE-2021-38114Aug 4, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
- CVE-2020-22054Jun 2, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
- CVE-2020-22049Jun 2, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
- CVE-2020-22048Jun 2, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
- CVE-2020-22046Jun 2, 2021affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
- CVE-2020-22044Jun 1, 2021affected < 3.4.2-11.3.1fixed 3.4.2-11.3.1
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
- CVE-2020-22043Jun 1, 2021affected < 3.4.2-11.3.1fixed 3.4.2-11.3.1
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
- CVE-2020-22042Jun 1, 2021affected < 3.4.2-11.14.1fixed 3.4.2-11.14.1
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
- CVE-2020-22039Jun 1, 2021affected < 3.4.2-11.3.1fixed 3.4.2-11.3.1
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
Page 1 of 3