rpm package

suse/ffmpeg&distro=SUSE Linux Enterprise Module for Package Hub 15 SP2

pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2

Vulnerabilities (43)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-13904	—	< 3.4.2-11.3.1	3.4.2-11.3.1	Jun 7, 2020	FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
CVE-2019-17539	—	< 3.4.2-11.3.1	3.4.2-11.3.1	Oct 14, 2019	In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
CVE-2019-9721	—	< 3.4.2-11.8.2	3.4.2-11.8.2	Mar 12, 2019	A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVE-2020-13904Jun 7, 2020
affected < 3.4.2-11.3.1fixed 3.4.2-11.3.1
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
CVE-2019-17539Oct 14, 2019
affected < 3.4.2-11.3.1fixed 3.4.2-11.3.1
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
CVE-2019-9721Mar 12, 2019
affected < 3.4.2-11.8.2fixed 3.4.2-11.8.2
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

Page 3 of 3