rpm package
suse/ffmpeg&distro=SUSE Manager Server 4.0
pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Server%204.0
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-22026 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 26, 2021 | Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. | ||
| CVE-2020-22021 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 26, 2021 | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | ||
| CVE-2020-22019 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 26, 2021 | Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. | ||
| CVE-2020-22020 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 26, 2021 | Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. | ||
| CVE-2020-22015 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 26, 2021 | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | ||
| CVE-2020-20451 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 25, 2021 | Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. | ||
| CVE-2020-20448 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 25, 2021 | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | ||
| CVE-2020-21041 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | May 24, 2021 | Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service | ||
| CVE-2020-13904 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Jun 7, 2020 | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | ||
| CVE-2019-17539 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Oct 14, 2019 | In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | ||
| CVE-2019-9721 | — | < 3.4.2-4.34.2 | 3.4.2-4.34.2 | Mar 12, 2019 | A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
- CVE-2020-22026May 26, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
- CVE-2020-22021May 26, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
- CVE-2020-22019May 26, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
- CVE-2020-22020May 26, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.
- CVE-2020-22015May 26, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
- CVE-2020-20451May 25, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
- CVE-2020-20448May 25, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.
- CVE-2020-21041May 24, 2021affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
- CVE-2020-13904Jun 7, 2020affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
- CVE-2019-17539Oct 14, 2019affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
- CVE-2019-9721Mar 12, 2019affected < 3.4.2-4.34.2fixed 3.4.2-4.34.2
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
Page 2 of 2