Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the cenc_scheme_decrypt, cbc1_scheme_decrypt, cens_scheme_decrypt, and cbcs_scheme_decrypt paths in libavformat/mov.c. An attacker can trigger out-of-bounds subsample size validation by supplying a crafted...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the RV60 video decoder. An attacker can cause limited information disclosure and denial of service by convincing a user to process a specially crafted RV60 file. Workaround: This vulnerability can be mitigated by...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the config_input function. An attacker can cause the application to crash by tricking a victim into processing a specially crafted media file with the Firequalizer filter enabled. Remediation: Upgrade ffmpeg t...
Double Free
Overview: Affected versions of this package are vulnerable to Double Free in the dnn_execute_model_tf function due to multiple deallocations of a task object in certain error-handling paths. An attacker can cause the application to crash by triggering specific error conditions while processing...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the get_siz function in jpeg2000dec.c. An attacker can execute arbitrary code or cause a crash by supplying a crafted JPEG2000 file containing a malicious cdef atom. Remediation: Upgrade ffmpeg to version 8....
Debian DLA-2291-1 : ffmpeg security update
Several vulnerabilities have been fixed by upgrading FFmpeg, a widely used multimedia framework, from 3.2.14 to 3.2.15. CVE-2019-13390: rawenc: Only accept the appropriate stream type for raw muxers. CVE-2019-17542: Heap-based buffer overflow in vqa_decode_chunk. CVE-2020-13904: Use-after-free via a...