rpm package
opensuse/ffmpeg-5&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ffmpeg-5&distro=openSUSE%20Tumbleweed
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-7272 | — | | | < 5.1.4-11.1 | 5.1.4-11.1 | Aug 8, 2024 | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue w |
| CVE-2024-7055 | — | | | < 5.1.4-13.1 | 5.1.4-13.1 | Aug 6, 2024 | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h |
| CVE-2024-32230 | — | | | < 5.1.4-9.1 | 5.1.4-9.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0 |
| CVE-2024-32228 | — | | | < 5.1.4-9.1 | 5.1.4-9.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
| CVE-2023-51794 | — | | | < 5.1.4-8.1 | 5.1.4-8.1 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. |
| CVE-2023-51796 | — | | | < 5.1.4-5.1 | 5.1.4-5.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. |
| CVE-2023-51793 | — | | | < 5.1.4-6.1 | 5.1.4-6.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. |
| CVE-2023-50010 | — | | | < 5.1.4-7.1 | 5.1.4-7.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. |
| CVE-2023-50009 | — | | | < 5.1.4-7.1 | 5.1.4-7.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. |
| CVE-2023-50008 | — | | | < 5.1.4-6.1 | 5.1.4-6.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. |
| CVE-2023-50007 | — | | | < 5.1.4-6.1 | 5.1.4-6.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. |
| CVE-2023-49502 | — | | | < 5.1.4-6.1 | 5.1.4-6.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
| CVE-2024-31585 | — | | | < 5.1.4-5.1 | 5.1.4-5.1 | Apr 17, 2024 | FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-31582 | — | | | < 5.1.4-5.1 | 5.1.4-5.1 | Apr 17, 2024 | FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. |
| CVE-2024-31578 | — | | | < 5.1.4-5.1 | 5.1.4-5.1 | Apr 17, 2024 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
| CVE-2023-49528 | — | | | < 5.1.4-5.1 | 5.1.4-5.1 | Apr 12, 2024 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
| CVE-2022-3964 | — | | | < 5.1.2-4.1 | 5.1.2-4.1 | Nov 13, 2022 | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the att |
| CVE-2022-2566 | — | | | < 5.1.1-1.1 | 5.1.1-1.1 | Sep 23, 2022 | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a sm |