367 matches found
CVE-2024-35366
FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...
CVE-2024-35366
CVE-2024-35366 affects FFmpeg v6.1.1. The vulnerability is in the parse_options function of sbgdec.c in the libavformat module, where certain inputs are not properly validated. This can allow negative duration values to be accepted without bounds checking, leading to an integer overflow and poten...
CVE-2024-36618
CVE-2024-36618 affects FFmpeg n6.1.1 in the AVI demuxer of libavformat, where an integer overflow can lead to a denial-of-service. The connected advisories confirm this vulnerability and reference the FFmpeg component implicated (AVI demuxer, libavformat) and the specific version family (n6.1.1)....
PT-2024-27096
Name of the Vulnerable Software and Affected Versions: FFmpeg version 6.1.1. Description: The issue is related to an integer overflow in the AVI demuxer of the libavformat library, potentially resulting in a denial-of-service (DoS) condition. Recommendations: For version 6.1.1, consider updating to a...
Astra Linux – Vulnerability in ffmpeg
FFmpeg n6.1.1 has an integer overflow vulnerability. The vulnerability resides in the parse_options function in the sbgdec.c file, within the libavformat module. When parsing certain options, the software does not properly validate the input. This allows negative duration values to be accepted...
The vulnerability in the `libavformat/movenc.c` component of the FFmpeg multimedia library, related to the lack of checks for division by zero, allows attackers to trigger a service failure.
The vulnerability in the libavformat/movenc.c component of the FFmpeg multimedia library is related to the lack of checks for division by zero. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
OESA-2024-1761 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A null pointer...
PT-2024-10422
Name of the Vulnerable Software and Affected Versions: FFmpeg version 6.1.1. Description: The issue is related to an integer overflow vulnerability in the parse_options function of sbgdec.c within the libavformat module. This vulnerability allows for negative duration values to be accepted without...
ROS-20230620-01
A vulnerability in the FFmpeg multimedia library is related to a NULL pointer dereference in the decode_main_header function in libavformat/nutdec.c. Exploiting the vulnerability could allow a remote attacker to trick a victim into opening a specially crafted file and cause a denial-of-service...
Debian dla-3454 : ffmpeg - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3454 advisory. Debian LTS Advisory DLA-3454-1...
SUSE CVE-2015-1208
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file...
SUSE CVE-2016-7785
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file...
SUSE CVE-2016-7905
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file...
SUSE CVE-2016-10190
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...
SUSE CVE-2018-7751
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file...
SUSE CVE-2018-11102
An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv...
SUSE CVE-2018-14395
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format...
SUSE CVE-2019-13390
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c...
SUSE CVE-2020-14212
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted...