VulnerableCode Package Details - pkg:ebuild/media-video/ffmpeg@6.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7wns-gt58-aaab	libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).	CVE-2022-48434
VCID-bvdr-emfg-aaah	An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.	CVE-2022-1475
VCID-d5ad-dpn1-aaaj	A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.	CVE-2022-3965
VCID-h52h-xpw7-aaaf	adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.	CVE-2021-38171
VCID-npy1-ax2t-aaac	FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.	CVE-2021-38291
VCID-py6c-5vka-aaaa	A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.	CVE-2022-3964
VCID-t9xj-4mu8-aaap	dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.	CVE-2021-33815

Vulnerability

Summary

Aliases

VCID-7wns-gt58-aaab

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

CVE-2022-48434

VCID-bvdr-emfg-aaah

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.

CVE-2022-1475

VCID-d5ad-dpn1-aaaj

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.

CVE-2022-3965

VCID-h52h-xpw7-aaaf

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

CVE-2021-38171

VCID-npy1-ax2t-aaac

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

CVE-2021-38291

VCID-py6c-5vka-aaaa

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.

CVE-2022-3964

VCID-t9xj-4mu8-aaap

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.

CVE-2021-33815

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:10:24.334111+00:00	Gentoo Importer	Fixing	VCID-7wns-gt58-aaab	https://security.gentoo.org/glsa/202312-14	36.0.0
2025-03-28T13:10:24.315009+00:00	Gentoo Importer	Fixing	VCID-d5ad-dpn1-aaaj	https://security.gentoo.org/glsa/202312-14	36.0.0
2025-03-28T13:10:24.293856+00:00	Gentoo Importer	Fixing	VCID-py6c-5vka-aaaa	https://security.gentoo.org/glsa/202312-14	36.0.0
2025-03-28T13:10:24.272881+00:00	Gentoo Importer	Fixing	VCID-bvdr-emfg-aaah	https://security.gentoo.org/glsa/202312-14	36.0.0
2025-03-28T13:10:24.253816+00:00	Gentoo Importer	Fixing	VCID-npy1-ax2t-aaac	https://security.gentoo.org/glsa/202312-14	36.0.0
2025-03-28T13:10:24.234920+00:00	Gentoo Importer	Fixing	VCID-h52h-xpw7-aaaf	https://security.gentoo.org/glsa/202312-14	36.0.0
2025-03-28T13:10:24.213626+00:00	Gentoo Importer	Fixing	VCID-t9xj-4mu8-aaap	https://security.gentoo.org/glsa/202312-14	36.0.0
2024-09-18T08:04:42.445755+00:00	Gentoo Importer	Fixing	VCID-7wns-gt58-aaab	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-09-18T08:04:42.417555+00:00	Gentoo Importer	Fixing	VCID-d5ad-dpn1-aaaj	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-09-18T08:04:42.390231+00:00	Gentoo Importer	Fixing	VCID-py6c-5vka-aaaa	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-09-18T08:04:42.363404+00:00	Gentoo Importer	Fixing	VCID-bvdr-emfg-aaah	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-09-18T08:04:42.337828+00:00	Gentoo Importer	Fixing	VCID-npy1-ax2t-aaac	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-09-18T08:04:42.316267+00:00	Gentoo Importer	Fixing	VCID-h52h-xpw7-aaaf	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-09-18T08:04:42.291354+00:00	Gentoo Importer	Fixing	VCID-t9xj-4mu8-aaap	https://security.gentoo.org/glsa/202312-14	34.0.1
2024-01-04T02:09:18.607363+00:00	Gentoo Importer	Fixing	VCID-7wns-gt58-aaab	https://security.gentoo.org/glsa/202312-14	34.0.0rc1
2024-01-04T02:09:18.584036+00:00	Gentoo Importer	Fixing	VCID-d5ad-dpn1-aaaj	https://security.gentoo.org/glsa/202312-14	34.0.0rc1
2024-01-04T02:09:18.558655+00:00	Gentoo Importer	Fixing	VCID-py6c-5vka-aaaa	https://security.gentoo.org/glsa/202312-14	34.0.0rc1
2024-01-04T02:09:18.533498+00:00	Gentoo Importer	Fixing	VCID-bvdr-emfg-aaah	https://security.gentoo.org/glsa/202312-14	34.0.0rc1
2024-01-04T02:09:18.507700+00:00	Gentoo Importer	Fixing	VCID-npy1-ax2t-aaac	https://security.gentoo.org/glsa/202312-14	34.0.0rc1
2024-01-04T02:09:18.481641+00:00	Gentoo Importer	Fixing	VCID-h52h-xpw7-aaaf	https://security.gentoo.org/glsa/202312-14	34.0.0rc1
2024-01-04T02:09:18.455453+00:00	Gentoo Importer	Fixing	VCID-t9xj-4mu8-aaap	https://security.gentoo.org/glsa/202312-14	34.0.0rc1