4 matches found
CVE-2021-3566
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'readprobe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long...
Security update for ffmpeg (moderate)
openSUSE Security Update: Security update for ffmpeg Announcement ID: openSUSE-SU-2021:3521-1 Rating: moderate References: 1186756 1187852 1189166 1190718 1190719 1190722 1190723 1190726 1190729 1190733 1190734 1190735 Cross-References: CVE-2020-20891 CVE-2020-20892 CVE-2020-20895 CVE-2020-20896...
Debian DLA-2742-1 : ffmpeg - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2742 advisory. - Buffer Overflow vulnerability exists in FFmpeg 4.1 via apngdoinverseblend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Servi...
CVE-2021-3566
CVE-2021-3566 affects FFmpeg prior to 4.3 where the tty demuxer lacked a read_probe assignment. An attacker could craft an ffconcat file referencing an image followed by a second file to cause the contents of the second file to be copied into the output when using -vcodec copy. Public advisories ...