FFmpeg: Security Vulnerabilities, CVEs, Published in 2020 (Overflow)
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
Max CVSS: 8.8
EPSS Score: 0.39%
Published: 2020-06-16
Updated: 2020-09-18
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
Max CVSS: 10.0
EPSS Score: 4.98%
Published: 2020-04-28
Updated: 2022-04-29
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
Max CVSS: 8.8
EPSS Score: 6.61%
Published: 2020-01-14
Updated: 2020-01-21
3 vulnerabilities found