FFmpeg 代码问题漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg version 4.3, which stems from a flaw in the decodeframe function in the libavcodec/tiff.c file. No details of the vulnerability are available at th...

CVE-2020-36138

CVE-2020-36138 affects FFmpeg 4.3: the decode_frame function in libavcodec/tiff.c is vulnerable, allowing remote attackers to cause a denial-of-service. The issue is documented across multiple connected sources (NVD and OSV entries) with the same description; no exploit details or mitigation step...

Debian dla-3454 : ffmpeg - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3454 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3454-1 [email protected]...

The vulnerability in the `libavcodec/pthread_frame.c` component of the multimedia library FFmpeg, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.

The vulnerability of the libavcodec/pthreadframe.c component in the FFmpeg multimedia library is related to the use of memory after it is freed during the processing of working threads by the decoder hwaccel. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2023:2108-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2108-1 advisory. - libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwacc...

SUSE-SU-2023:2108-1 Security update for ffmpeg

This update for ffmpeg fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthreadframe.c bsc1209934...

SUSE SLED15 / SLES15 / openSUSE 15 : This update has recommended fixes for ffmpeg-4 (SUSE-SU-2023:2087-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2087-1 advisory. - libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwacc...

Use After Free

ffmpeg is vulnerable to Use After Free. vulnerability occurs in 'libavcodec/pthreadframe.c' due to stale hwaccel state in worker threads which allows an attacker to trigger use after free...

Fedora 37 : ffmpeg (2023-32c3bbbbc9)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-32c3bbbbc9 advisory. New release with bug fixes across the tree Contains security fix for CVE-2022-48434 . Tenable has extracted the preceding description block directly from the...

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

Design/Logic Flaw

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

CVE-2022-48434

CVE-2022-48434 : FFmpeg’s libavcodec pthread_frame.c contains a use-after-free in worker threads due to stale hwaccel state, exploitable in some scenarios (e.g., mid-video SPS change with Direct3D11). Affected component: libavcodec in FFmpeg lib used by VLC and others. Vulnerable version: FFmpeg ...

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

SUSE CVE-2006-4800

Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in 1 dtsdec.c, 2 vorbis.c, 3 rm.c, 4 sierravmd.c, 5 smacker.c, 6 tta.c, 7 4xm.c, 8 alac.c, 9 cook.c, 10...

SUSE CVE-2013-0851

The decodeframe function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access...

SUSE CVE-2013-0852

The parsepicturesegment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access...

SUSE CVE-2013-7010

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted data...

SUSE CVE-2015-5479

The ffh263decodemba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a file with crafted dimensions...

SUSE CVE-2015-6761

The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...