rpm package
opensuse/ffmpeg&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/ffmpeg&distro=openSUSE%20Leap%2015.4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-28429 | — | < 3.4.2-150200.11.31.1 | 3.4.2-150200.11.31.1 | Aug 11, 2023 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | ||
| CVE-2022-48434 | — | < 3.4.2-150200.11.28.1 | 3.4.2-150200.11.28.1 | Mar 29, 2023 | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid | ||
| CVE-2022-3341 | — | < 3.4.2-150200.11.25.1 | 3.4.2-150200.11.25.1 | Jan 12, 2023 | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an app | ||
| CVE-2022-3109 | — | < 3.4.2-150200.11.20.1 | 3.4.2-150200.11.20.1 | Dec 16, 2022 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||
| CVE-2019-13390 | — | < 3.4.2-150200.11.25.1 | 3.4.2-150200.11.25.1 | Jul 7, 2019 | In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. |
- CVE-2021-28429Aug 11, 2023affected < 3.4.2-150200.11.31.1fixed 3.4.2-150200.11.31.1
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
- CVE-2022-48434Mar 29, 2023affected < 3.4.2-150200.11.28.1fixed 3.4.2-150200.11.28.1
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid
- CVE-2022-3341Jan 12, 2023affected < 3.4.2-150200.11.25.1fixed 3.4.2-150200.11.25.1
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an app
- CVE-2022-3109Dec 16, 2022affected < 3.4.2-150200.11.20.1fixed 3.4.2-150200.11.20.1
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
- CVE-2019-13390Jul 7, 2019affected < 3.4.2-150200.11.25.1fixed 3.4.2-150200.11.25.1
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.