AVG-1989 log

Package ffmpeg
Status Vulnerable
Severity Medium
Type multiple issues
Affected 2:4.4-4
Fixed Unknown
Current 2:4.4-4 [extra]
Created Tue May 25 18:57:49 2021
Issue Severity Remote Type Description
CVE-2021-38291 Low Yes Denial of service
FFmpeg suffers from an assertion failure at src/libavutil/mathematics.c.
CVE-2021-38171 Medium Yes Insufficient validation
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second...
CVE-2021-38114 Medium Yes Arbitrary code execution
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-33815 Medium Yes Information disclosure
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
CVE-2020-22037 Low Yes Denial of service
A denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2020-22033 Low Yes Denial of service
A heap-based buffer overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious...
CVE-2020-22021 Low Yes Denial of service
A buffer overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c could let a remote malicious user cause a denial of service.
CVE-2020-22019 Low Yes Denial of service
A buffer overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c could let a remote malicious user cause a denial of service.
CVE-2020-22015 Medium Yes Arbitrary code execution
A buffer overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c could let a remote malicious user...
CVE-2020-20453 Low Yes Denial of service
FFmpeg 4.2 is affected by a divide by zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a denial of service.
CVE-2020-20448 Low Yes Denial of service
FFmpeg 4.1.3 is affected by a divide by zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a denial of service.
CVE-2020-20446 Low Yes Denial of service
FFmpeg 4.2 is affected by a divide by zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a denial of service.
CVE-2020-20445 Low Yes Denial of service
FFmpeg 4.2 is affected by a divide by zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a denial of service.