rpm package

opensuse/ffmpeg-4&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed

Vulnerabilities (85)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-32230		—	< 4.4.4-12.1	4.4.4-12.1	Jul 1, 2024	FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
CVE-2023-47282	Low	3.9	< 4.4.5-9.1	4.4.5-9.1	May 16, 2024	Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22656	Low	3.9	< 4.4.5-9.1	4.4.5-9.1	May 16, 2024	Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47169		—	< 4.4.5-9.1	4.4.5-9.1	May 16, 2024	Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-45221		—	< 4.4.5-9.1	4.4.5-9.1	May 16, 2024	Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-48368		—	< 4.4.5-9.1	4.4.5-9.1	May 16, 2024	Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-51794		—	< 4.4.4-9.1	4.4.4-9.1	Apr 26, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
CVE-2023-51798		—	< 4.4.4-7.1	4.4.4-7.1	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
CVE-2023-51793		—	< 4.4.4-7.1	4.4.4-7.1	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
CVE-2023-50010		—	< 4.4.4-10.1	4.4.4-10.1	Apr 19, 2024	FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
CVE-2023-49502		—	< 4.4.4-7.1	4.4.4-7.1	Apr 19, 2024	Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
CVE-2024-31578		—	< 4.4.4-7.1	4.4.4-7.1	Apr 17, 2024	FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2022-48434		—	< 4.4.5-7.1	4.4.5-7.1	Mar 29, 2023	libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid
CVE-2022-3341		—	< 4.4.3-4.1	4.4.3-4.1	Jan 12, 2023	A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an app
CVE-2022-3109		—	< 4.4.3-3.1	4.4.3-3.1	Dec 16, 2022	An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
CVE-2022-3964		—	< 4.4.3-2.1	4.4.3-2.1	Nov 13, 2022	A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the att
CVE-2022-1475		—	< 4.4.6-4.1	4.4.6-4.1	May 2, 2022	An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
CVE-2021-38171		—	< 4.4-5.2	4.4-5.2	Aug 21, 2021	adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVE-2021-38114		—	< 4.4-5.2	4.4-5.2	Aug 4, 2021	libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-33815		—	< 4.4-5.2	4.4-5.2	Jun 3, 2021	dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.

CVE-2024-32230Jul 1, 2024
affected < 4.4.4-12.1fixed 4.4.4-12.1
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
CVE-2023-47282LowMay 16, 2024
affected < 4.4.5-9.1fixed 4.4.5-9.1
Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22656LowMay 16, 2024
affected < 4.4.5-9.1fixed 4.4.5-9.1
Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47169May 16, 2024
affected < 4.4.5-9.1fixed 4.4.5-9.1
Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-45221May 16, 2024
affected < 4.4.5-9.1fixed 4.4.5-9.1
Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-48368May 16, 2024
affected < 4.4.5-9.1fixed 4.4.5-9.1
Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-51794Apr 26, 2024
affected < 4.4.4-9.1fixed 4.4.4-9.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
CVE-2023-51798Apr 19, 2024
affected < 4.4.4-7.1fixed 4.4.4-7.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
CVE-2023-51793Apr 19, 2024
affected < 4.4.4-7.1fixed 4.4.4-7.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
CVE-2023-50010Apr 19, 2024
affected < 4.4.4-10.1fixed 4.4.4-10.1
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
CVE-2023-49502Apr 19, 2024
affected < 4.4.4-7.1fixed 4.4.4-7.1
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
CVE-2024-31578Apr 17, 2024
affected < 4.4.4-7.1fixed 4.4.4-7.1
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2022-48434Mar 29, 2023
affected < 4.4.5-7.1fixed 4.4.5-7.1
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid
CVE-2022-3341Jan 12, 2023
affected < 4.4.3-4.1fixed 4.4.3-4.1
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an app
CVE-2022-3109Dec 16, 2022
affected < 4.4.3-3.1fixed 4.4.3-3.1
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
CVE-2022-3964Nov 13, 2022
affected < 4.4.3-2.1fixed 4.4.3-2.1
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the att
CVE-2022-1475May 2, 2022
affected < 4.4.6-4.1fixed 4.4.6-4.1
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
CVE-2021-38171Aug 21, 2021
affected < 4.4-5.2fixed 4.4-5.2
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVE-2021-38114Aug 4, 2021
affected < 4.4-5.2fixed 4.4-5.2
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-33815Jun 3, 2021
affected < 4.4-5.2fixed 4.4-5.2
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.

Page 2 of 5