FFmpeg 4.2

CPE Details

2019-09-06
10h50 +00:00
CPE Name: cpe:2.3:a:ffmpeg:ffmpeg:4.2:-:*:*:*:*:*:*

Information

Vendor

ffmpeg

Product

ffmpeg

Version

4.2

Update

-

Related CVE

CVE ID Published Description Score Severity
CVE-2024-7272 2024-08-08 20h24 +00:00 A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.
6.9
Medium
CVE-2024-22860 2024-01-26 23h00 +00:00 Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
9.8
Critical
CVE-2024-22861 2024-01-26 23h00 +00:00 Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
7.5
High
CVE-2024-22862 2024-01-26 23h00 +00:00 Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JPEG XL Parser.
9.8
Critical
CVE-2023-47470 2023-11-15 23h00 +00:00 Buffer Overflow vulnerability in FFmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c.
7.8
High
CVE-2023-46407 2023-10-26 22h00 +00:00 FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
5.5
Medium
CVE-2022-48434 2023-03-28 22h00 +00:00 libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
8.1
High
CVE-2022-3341 2023-01-11 23h00 +00:00 A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
5.3
Medium
CVE-2022-3109 2022-12-15 23h00 +00:00 An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
7.5
High
CVE-2022-1475 2022-05-01 22h00 +00:00 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file.
5.5
Medium
CVE-2020-23906 2021-11-10 20h26 +00:00 FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
5.5
Medium
CVE-2020-21688 2021-08-10 18h19 +00:00 A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
8.8
High
CVE-2020-21697 2021-08-10 18h19 +00:00 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows attackers to cause a denial of service (DoS) via a crafted avi file.
6.5
Medium
CVE-2021-3566 2021-08-05 18h21 +00:00 Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
5.5
Medium
CVE-2020-22056 2021-06-02 15h55 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
6.5
Medium
CVE-2020-22054 2021-06-02 15h34 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
6.5
Medium
CVE-2020-22051 2021-06-02 14h06 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.
6.5
Medium
CVE-2020-22049 2021-06-02 13h44 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
6.5
Medium
CVE-2020-22048 2021-06-02 13h40 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
6.5
Medium
CVE-2020-22046 2021-06-02 13h10 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
6.5
Medium
CVE-2020-22044 2021-06-01 18h02 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
6.5
Medium
CVE-2020-22043 2021-06-01 17h57 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
6.5
Medium
CVE-2020-22042 2021-06-01 17h53 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
6.5
Medium
CVE-2020-22041 2021-06-01 17h34 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
6.5
Medium
CVE-2020-22039 2021-06-01 17h30 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
6.5
Medium
CVE-2020-22038 2021-06-01 17h25 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
6.5
Medium
CVE-2020-22037 2021-06-01 17h22 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
6.5
Medium
CVE-2020-22040 2021-06-01 17h18 +00:00 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the v_frame_alloc function in frame.c.
6.5
Medium
CVE-2020-22036 2021-06-01 16h35 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22035 2021-06-01 16h31 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22034 2021-05-27 16h46 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22033 2021-05-27 16h42 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
6.5
Medium
CVE-2020-22032 2021-05-27 16h38 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22016 2021-05-27 16h29 +00:00 A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22017 2021-05-27 16h27 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22022 2021-05-27 16h14 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22023 2021-05-27 16h13 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22025 2021-05-27 16h11 +00:00 A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22027 2021-05-27 16h05 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22030 2021-05-27 15h55 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22029 2021-05-27 15h54 +00:00 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22031 2021-05-27 15h44 +00:00 A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
8.8
High
CVE-2020-22028 2021-05-26 18h39 +00:00 Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
6.5
Medium
CVE-2020-22026 2021-05-26 18h31 +00:00 Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
6.5
Medium
CVE-2020-22024 2021-05-26 18h18 +00:00 Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.
6.5
Medium
CVE-2020-22021 2021-05-26 17h25 +00:00 Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
6.5
Medium
CVE-2020-22019 2021-05-26 17h13 +00:00 Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
6.5
Medium
CVE-2020-22020 2021-05-26 17h08 +00:00 Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.
6.5
Medium
CVE-2020-22015 2021-05-26 14h25 +00:00 Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
8.8
High
CVE-2020-20453 2021-05-25 17h15 +00:00 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service.
6.5
Medium
CVE-2020-20451 2021-05-25 16h48 +00:00 Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
7.5
High
CVE-2020-20450 2021-05-25 16h16 +00:00 FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.
7.5
High
CVE-2020-20446 2021-05-25 15h40 +00:00 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
6.5
Medium
CVE-2020-20445 2021-05-25 15h27 +00:00 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
6.5
Medium
CVE-2019-15942 2019-09-05 13h38 +00:00 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
8.8
High