rpm package
opensuse/ffmpeg-7&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweed
Vulnerabilities (38)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35368 | — | < 7.1-4.1 | 7.1-4.1 | Nov 29, 2024 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | ||
| CVE-2024-35366 | — | < 7.1.4-2.1 | 7.1.4-2.1 | Nov 29, 2024 | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without | ||
| CVE-2024-7055 | — | < 7.1-1.1 | 7.1-1.1 | Aug 6, 2024 | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h | ||
| CVE-2024-32230 | — | < 7.0-2.1 | 7.0-2.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 | ||
| CVE-2024-32229 | — | < 7.0-3.1 | 7.0-3.1 | Jul 1, 2024 | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||
| CVE-2024-32228 | — | < 7.0-2.1 | 7.0-2.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||
| CVE-2023-47282 | Low | 3.9 | < 7.1.1-1.1 | 7.1.1-1.1 | May 16, 2024 | Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2023-22656 | Low | 3.9 | < 7.1.1-1.1 | 7.1.1-1.1 | May 16, 2024 | Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2023-47169 | — | < 7.1.1-1.1 | 7.1.1-1.1 | May 16, 2024 | Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2023-45221 | — | < 7.1.1-1.1 | 7.1.1-1.1 | May 16, 2024 | Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2023-48368 | — | < 7.1.1-1.1 | 7.1.1-1.1 | May 16, 2024 | Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2023-51794 | — | < 7.1.1-1.1 | 7.1.1-1.1 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | ||
| CVE-2023-51798 | — | < 7.1.1-1.1 | 7.1.1-1.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. | ||
| CVE-2023-51793 | — | < 7.1.1-1.1 | 7.1.1-1.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. | ||
| CVE-2023-50010 | — | < 7.1.1-1.1 | 7.1.1-1.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. | ||
| CVE-2024-31578 | — | < 7.1.1-1.1 | 7.1.1-1.1 | Apr 17, 2024 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | ||
| CVE-2022-3964 | — | < 7.0-1.1 | 7.0-1.1 | Nov 13, 2022 | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the att | ||
| CVE-2020-22046 | — | < 7.0-1.1 | 7.0-1.1 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. |
- CVE-2024-35368Nov 29, 2024affected < 7.1-4.1fixed 7.1-4.1
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
- CVE-2024-35366Nov 29, 2024affected < 7.1.4-2.1fixed 7.1.4-2.1
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without
- CVE-2024-7055Aug 6, 2024affected < 7.1-1.1fixed 7.1-1.1
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h
- CVE-2024-32230Jul 1, 2024affected < 7.0-2.1fixed 7.0-2.1
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
- CVE-2024-32229Jul 1, 2024affected < 7.0-3.1fixed 7.0-3.1
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.
- CVE-2024-32228Jul 1, 2024affected < 7.0-2.1fixed 7.0-2.1
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.
- affected < 7.1.1-1.1fixed 7.1.1-1.1
Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
- affected < 7.1.1-1.1fixed 7.1.1-1.1
Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2023-47169May 16, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-45221May 16, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2023-48368May 16, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-51794Apr 26, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
- CVE-2023-51798Apr 19, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
- CVE-2023-51793Apr 19, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
- CVE-2023-50010Apr 19, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
- CVE-2024-31578Apr 17, 2024affected < 7.1.1-1.1fixed 7.1.1-1.1
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
- CVE-2022-3964Nov 13, 2022affected < 7.0-1.1fixed 7.0-1.1
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the att
- CVE-2020-22046Jun 2, 2021affected < 7.0-1.1fixed 7.0-1.1
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
Page 2 of 2