AVG-1989 log

Package ffmpeg
Status Fixed
Severity Medium
Type multiple issues
Affected 2:4.4-6
Fixed 2:4.4.1-1
Current 2:7.1-3 [extra]
Ticket None
Created Tue May 25 18:57:49 2021
Issue Severity Remote Type Description
CVE-2021-38291 Low Yes Denial of service
FFmpeg before version 4.4.1 suffers from a an assertion failure at src/libavutil/mathematics.c.
CVE-2021-38171 Medium Yes Insufficient validation
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg before version 4.4.1 does not check the init_get_bits return value, which is a necessary step...
CVE-2021-38114 Medium Yes Arbitrary code execution
libavcodec/dnxhddec.c in FFmpeg before version 4.4.1 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-33815 Medium Yes Information disclosure
dwa_uncompress in libavcodec/exr.c in FFmpeg before version 4.4.1 allows an out-of-bounds array access because dc_count is not strictly checked.
CVE-2020-22037 Low Yes Denial of service
A denial of service vulnerability exists in FFmpeg before version 4.4.1 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2020-22033 Low Yes Denial of service
A heap-based buffer overflow vulnerability exists in FFmpeg before version 4.4.1 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a...
CVE-2020-22021 Low Yes Denial of service
A buffer overflow vulnerability in FFmpeg before version 4.4.1 at filter_edges function in libavfilter/vf_yadif.c could let a remote malicious user cause a...
CVE-2020-22019 Low Yes Denial of service
A buffer overflow vulnerability in FFmpeg before version 4.4.1 at convolution_y_10bit in libavfilter/vf_vmafmotion.c could let a remote malicious user cause...
CVE-2020-22015 Medium Yes Arbitrary code execution
A buffer overflow vulnerability in FFmpeg before version 4.4.1 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c could let a remote...
CVE-2020-20453 Low Yes Denial of service
FFmpeg before version 4.4.1 is affected by a divide by zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a denial of service.
CVE-2020-20446 Low Yes Denial of service
FFmpeg before version 4.4.1 is affected by a divide by zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a denial of service.
CVE-2020-20445 Low Yes Denial of service
FFmpeg before version 4.4.1 is affected by a divide by zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a denial of service.