VYPR

rpm package

opensuse/ffmpeg-4&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed

Vulnerabilities (85)

  • CVE-2020-22046 · Jun 2, 2021
    affected < 4.4-5.2 · fixed 4.4-5.2

    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

  • CVE-2020-22037 · Jun 1, 2021
    affected < 4.4-6.1 · fixed 4.4-6.1

    A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.

  • CVE-2020-22021 · May 26, 2021
    affected < 4.4.5-7.1 · fixed 4.4.5-7.1

    Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.

  • CVE-2020-35964 · Jan 3, 2021
    affected < 4.4-5.2 · fixed 4.4-5.2

    track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

  • CVE-2019-15942 · Sep 5, 2019
    affected < 4.4-5.2 · fixed 4.4-5.2

    FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

  • CVE-2019-11338 · Apr 18, 2019
    affected < 4.4-5.2 · fixed 4.4-5.2

    libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

  • CVE-2018-15822 · High · Aug 23, 2018
    affected < 4.4-5.2 · fixed 4.4-5.2

    The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

  • CVE-2018-13305 · High · Jul 5, 2018
    affected < 4.4-5.2 · fixed 4.4-5.2

    In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of s

  • CVE-2018-13300 · High · Jul 5, 2018
    affected < 4.4-5.2 · fixed 4.4-5.2

    In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and pos

  • CVE-2018-7751 · Medium · Apr 24, 2018
    affected < 4.4-5.2 · fixed 4.4-5.2

    The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

  • CVE-2018-6621 · Medium · Feb 5, 2018
    affected < 4.4-5.2 · fixed 4.4-5.2

    The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

  • CVE-2018-6392 · Medium · Jan 29, 2018
    affected < 4.4-5.2 · fixed 4.4-5.2

    The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

  • CVE-2017-17555 · Medium · Dec 12, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

  • CVE-2017-17081 · Medium · Nov 30, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.

  • CVE-2017-16840 · Critical · Nov 21, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

  • CVE-2017-15672 · High · Nov 6, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.

  • CVE-2017-15186 · Medium · Oct 24, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

  • CVE-2017-14225 · High · Sep 9, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dere

  • CVE-2017-14223 · Medium · Sep 9, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provid

  • CVE-2017-14222 · Medium · Sep 9, 2017
    affected < 4.4-5.2 · fixed 4.4-5.2

    In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provid