rpm package
opensuse/ffmpeg-4&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.1
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15942 | — |  |  | < 4.2.1-bp151.5.3.1 | 4.2.1-bp151.5.3.1 | Sep 5, 2019 | FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. |
| CVE-2019-11339 | — |  |  | < 4.2.1-bp151.5.3.1 | 4.2.1-bp151.5.3.1 | Apr 18, 2019 | The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data. |
| CVE-2019-11338 | — |  |  | < 4.2.1-bp151.5.3.1 | 4.2.1-bp151.5.3.1 | Apr 18, 2019 | libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. |
| CVE-2018-13305 | High | 8.1 |  | < 4.2.1-bp151.5.3.1 | 4.2.1-bp151.5.3.1 | Jul 5, 2018 | In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of s |
| CVE-2017-17555 | Medium | 6.5 |  | < 4.2.1-bp151.5.3.1 | 4.2.1-bp151.5.3.1 | Dec 12, 2017 | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. |