ffmpeg (SUSE:Linux Enterprise Module for Package Hub 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 package ffmpeg, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2019-12730 — CVSS 9.8 (critical): aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently…
CVE-2019-17542 — CVSS 9.8 (critical): FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in…
CVE-2018-13305 — CVSS 8.1 (high): In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in…
CVE-2018-13300 — CVSS 8.1 (high): In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function…
CVE-2018-15822 — CVSS 7.5 (high): The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an…
CVE-2019-9718 — CVSS 6.5 (medium): In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska…
CVE-2018-13301 — CVSS 6.5 (medium): In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in…
CVE-2018-14394 — CVSS 6.5 (medium): libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero…
CVE-2018-14395 — CVSS 6.5 (medium): libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero…
CVE-2018-12458 — CVSS 6.5 (medium): An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an…