ffmpeg (SUSE:Linux Enterprise High Performance Computing 15-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15-ESPOS package ffmpeg, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (46)
CVE-2019-17539 — CVSS 9.8 (critical): In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when…
CVE-2021-38171 — CVSS 9.8 (critical): adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step…
CVE-2020-22022 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory…
CVE-2021-38094 — CVSS 8.8 (high): Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial…
CVE-2020-20891 — CVSS 8.8 (high): Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of…
CVE-2020-20892 — CVSS 8.8 (high): An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of…
CVE-2021-38093 — CVSS 8.8 (high): Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a…
CVE-2020-20896 — CVSS 8.8 (high): An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of…
CVE-2021-38092 — CVSS 8.8 (high): Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a…
CVE-2020-22034 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other…
CVE-2020-21688 — CVSS 8.8 (high): A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
CVE-2020-22032 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory…
CVE-2020-22015 — CVSS 8.8 (high): Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a…
CVE-2020-22016 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory…
CVE-2020-22017 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory…
CVE-2020-22025 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption…
CVE-2020-22031 — CVSS 8.8 (high): A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to…
CVE-2020-22023 — CVSS 8.8 (high): A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to…
CVE-2022-3109 — CVSS 7.5 (high): An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc()…
CVE-2020-20451 — CVSS 7.5 (high): Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
CVE-2020-21041 — CVSS 7.5 (high): Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious…
CVE-2020-35965 — CVSS 7.5 (high): decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset…
CVE-2020-22021 — CVSS 6.5 (medium): Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user…
CVE-2020-22026 — CVSS 6.5 (medium): Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote…
CVE-2020-22019 — CVSS 6.5 (medium): Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user…
CVE-2020-21697 — CVSS 6.5 (medium): A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service…
CVE-2020-22033 — CVSS 6.5 (medium): A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote…
CVE-2020-20902 — CVSS 6.5 (medium): A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of…
CVE-2020-22037 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2020-22038 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
CVE-2020-22039 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
CVE-2020-22042 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function…
CVE-2020-22043 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
CVE-2020-22044 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in…
CVE-2020-22046 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in…
CVE-2020-22048 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
CVE-2020-22049 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
CVE-2020-22054 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
CVE-2019-9721 — CVSS 6.5 (medium): A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska…
CVE-2020-20448 — CVSS 6.5 (medium): FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of…
CVE-2020-22020 — CVSS 6.5 (medium): Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote…
CVE-2020-13904 — CVSS 5.5 (medium): FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a…
CVE-2021-38114 — CVSS 5.5 (medium): libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-3566 — CVSS 5.5 (medium): Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file…
CVE-2020-20895: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22028. Reason: This candidate is a duplicate of CVE-2020-22028…
CVE-2020-20899: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22036. Reason: This candidate is a duplicate of CVE-2020-22036…