Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 SP2 package ffmpeg-4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2019-11338 — CVSS 8.8 (high): libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a…
CVE-2019-11339 — CVSS 8.8 (high): The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a…
CVE-2019-15942 — CVSS 8.8 (high): FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in…
CVE-2018-13305 — CVSS 8.1 (high): In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in…
CVE-2017-17555 — CVSS 6.5 (medium): The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other…