rpm package
suse/ffmpeg&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP1
pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
Vulnerabilities (47)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48434 | — | < 3.4.2-150000.4.53.2 | 3.4.2-150000.4.53.2 | Mar 29, 2023 | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid | ||
| CVE-2022-3341 | — | < 3.4.2-150000.4.53.2 | 3.4.2-150000.4.53.2 | Jan 12, 2023 | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an app | ||
| CVE-2022-3109 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Dec 16, 2022 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||
| CVE-2021-38094 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2021-38093 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2021-38092 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2020-20902 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | ||
| CVE-2020-20896 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | ||
| CVE-2020-20892 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. | ||
| CVE-2020-20891 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Sep 20, 2021 | Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||
| CVE-2021-38171 | — | < 3.4.2-4.37.1 | 3.4.2-4.37.1 | Aug 21, 2021 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | ||
| CVE-2020-21688 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Aug 10, 2021 | A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | ||
| CVE-2020-21697 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Aug 10, 2021 | A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. | ||
| CVE-2021-3566 | — | < 3.4.2-150000.4.44.1 | 3.4.2-150000.4.44.1 | Aug 5, 2021 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output fil | ||
| CVE-2021-38114 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Aug 4, 2021 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. | ||
| CVE-2020-22054 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. | ||
| CVE-2020-22049 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | ||
| CVE-2020-22048 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. | ||
| CVE-2020-22046 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Jun 2, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. | ||
| CVE-2020-22044 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Jun 1, 2021 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. |
- CVE-2022-48434Mar 29, 2023affected < 3.4.2-150000.4.53.2fixed 3.4.2-150000.4.53.2
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid
- CVE-2022-3341Jan 12, 2023affected < 3.4.2-150000.4.53.2fixed 3.4.2-150000.4.53.2
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an app
- CVE-2022-3109Dec 16, 2022affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
- CVE-2021-38094Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38093Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38092Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2020-20902Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
- CVE-2020-20896Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
- CVE-2020-20892Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
- CVE-2020-20891Sep 20, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
- CVE-2021-38171Aug 21, 2021affected < 3.4.2-4.37.1fixed 3.4.2-4.37.1
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
- CVE-2020-21688Aug 10, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
- CVE-2020-21697Aug 10, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
- CVE-2021-3566Aug 5, 2021affected < 3.4.2-150000.4.44.1fixed 3.4.2-150000.4.44.1
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output fil
- CVE-2021-38114Aug 4, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
- CVE-2020-22054Jun 2, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
- CVE-2020-22049Jun 2, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
- CVE-2020-22048Jun 2, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
- CVE-2020-22046Jun 2, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
- CVE-2020-22044Jun 1, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
Page 1 of 3