Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6449-1
HistoryOct 24, 2023 - 12:00 a.m.

FFmpeg vulnerabilities

2023-10-2400:00:00
ubuntu.com
64
ubuntu
ffmpeg
memory leak
denial of service
integer overflow
cve-2020-22038
cve-2020-20898
cve-2021-38090
cve-2021-38091
cve-2021-38092
cve-2021-38093
cve-2021-38094
cve-2022-48434
multimedia files
streaming

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.4%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • ffmpeg - Tools for transcoding, streaming and playing of multimedia files

Details

It was discovered that FFmpeg incorrectly managed memory resulting
in a memory leak. An attacker could possibly use this issue to cause
a denial of service via application crash. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038)

It was discovered that FFmpeg incorrectly handled certain input files,
leading to an integer overflow. An attacker could possibly use this issue
to cause a denial of service via application crash. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090,
CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094)

It was discovered that FFmpeg incorrectly managed memory, resulting in
a memory leak. If a user or automated system were tricked into
processing a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service, or execute
arbitrary code. (CVE-2022-48434)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchffmpeg< 7:4.4.2-0ubuntu0.22.04.1+esm2UNKNOWN
Ubuntu22.04noarchffmpeg< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchffmpeg-dbgsym< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchffmpeg-doc< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibavcodec-dev< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibavcodec-extra< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibavcodec-extra58< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibavcodec-extra58-dbgsym< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibavcodec58< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Ubuntu22.04noarchlibavcodec58-dbgsym< 7:4.4.2-0ubuntu0.22.04.1UNKNOWN
Rows per page:
1-10 of 1521

Related

osv 10
openvas 14
nessus 13
ubuntu 1
ubuntucve 8
prion 8
cnvd 6
cve 8
debiancve 8
fedora 2
redos 1
veracode 2
alpinelinux 1
suse 2
rosalinux 1
gentoo 1
mageia 1
ics 1
osv
osv
ffmpeg regression
2023-11-15 09:38:15
ffmpeg vulnerabilities
2023-10-24 10:26:27
CVE-2021-38094
2021-09-20 16:15:11
openvas
openvas
Ubuntu: Security Advisory (USN-6449-1)
2023-10-25 00:00:00
Ubuntu: Security Advisory (USN-6449-2)
2023-11-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1468-1)
2024-05-07 00:00:00
nessus
nessus
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : FFmpeg vulnerabilities (USN-6449-1)
2023-10-24 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1468-1)
2024-04-30 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2023:2108-1)
2023-05-06 00:00:00
ubuntu
ubuntu
FFmpeg regression
2023-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2021-38093
2021-09-20 00:00:00
CVE-2021-38092
2021-09-20 00:00:00
CVE-2021-38091
2021-09-20 00:00:00
prion
prion
Integer overflow
2021-09-20 16:15:00
Integer overflow
2021-09-20 16:15:00
Integer overflow
2021-09-20 16:15:00
cnvd
cnvd
FFmpeg integer overflow vulnerability (CNVD-2021-80287)
2021-09-23 00:00:00
FFmpeg integer overflow vulnerability (CNVD-2021-80289)
2021-09-23 00:00:00
FFmpeg integer overflow vulnerability (CNVD-2021-80286)
2021-09-23 00:00:00
cve
cve
CVE-2021-38093
2021-09-20 16:15:00
CVE-2021-38091
2021-09-20 16:15:00
CVE-2022-48434
2023-03-29 17:15:00
debiancve
debiancve
CVE-2021-38094
2021-09-20 16:15:00
CVE-2021-38093
2021-09-20 16:15:00
CVE-2021-38091
2021-09-20 16:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: ffmpeg-5.1.3-1.fc37
2023-04-13 01:53:48
[SECURITY] Fedora 36 Update: ffmpeg-5.0.3-1.fc36
2023-04-22 01:12:24
redos
redos
ROS-20230616-02
2023-06-16 00:00:00
veracode
veracode
Use After Free
2023-04-30 13:12:32
Denial Of Service (DoS)
2021-10-20 16:02:41
alpinelinux
alpinelinux
CVE-2020-22038
2021-06-01 20:15:00
suse
suse
Security update for ffmpeg (moderate)
2021-10-26 00:00:00
Security update for ffmpeg (important)
2021-07-14 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2277
2023-10-22 06:34:44
gentoo
gentoo
FFmpeg: Multiple Vulnerabilities
2023-12-23 00:00:00
mageia
mageia
Updated ffmpeg packages fix security vulnerability
2021-10-29 22:32:22
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.4%

JSON
Related for USN-6449-1
osv10openvas14nessus13ubuntu1ubuntucve8prion8cnvd6cve8debiancve8fedora2redos1veracode2alpinelinux1suse2rosalinux1gentoo1mageia1ics1