UbuntuUpdates.org

Bugs fixes in "ffmpeg"

Origin Bug number Title Date fixed
CVE CVE-2020-20450 FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. 2022-06-08
CVE CVE-2020-20446 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. 2022-06-08
CVE CVE-2020-20445 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. 2022-06-08
Launchpad 1970674 New bug fix releases 3.4.11, 4.2.7 and 4.4.2 2022-06-08
CVE CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late 2020-07-22
CVE CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. 2020-07-22
CVE CVE-2019-12730 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of u 2020-07-22
CVE CVE-2019-11338 libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL 2020-07-22
CVE CVE-2018-15822 The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failu 2020-07-22
CVE CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late 2020-07-22
CVE CVE-2019-17539 In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no va 2020-07-22
CVE CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. 2020-07-22
CVE CVE-2019-13390 In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. 2020-07-22
CVE CVE-2019-12730 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of u 2020-07-22
CVE CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late 2020-07-22
CVE CVE-2020-12284 cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missin 2020-07-22
CVE CVE-2019-13312 block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. 2020-07-22
CVE CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late 2020-07-22
CVE CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. 2020-07-22
CVE CVE-2019-12730 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of u 2020-07-22



About   -   Send Feedback to @ubuntu_updates