VulnerableCode Package Details - pkg:deb/ubuntu/ffmpeg@7:4.1.3-1

Search for packages

Package details: pkg:deb/ubuntu/ffmpeg@7:4.1.3-1

Essentials
History (0)

purl	pkg:deb/ubuntu/ffmpeg@7:4.1.3-1

Next non-vulnerable version	7:4.2.4-1ubuntu0.1
Latest non-vulnerable version	7:4.2.4-1ubuntu0.1
Risk	4.5

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-4kfh-pqwk-aaam Aliases: CVE-2020-12284	cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.	7:4.2.4-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-9aua-7ce1-aaap Aliases: CVE-2019-13390	In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.	7:4.2.1-2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gm7x-n9ub-aaak Aliases: CVE-2019-17542	FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.	7:4.2.1-2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j9je-s5ab-aaah Aliases: CVE-2019-13312	block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.	7:4.2.4-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-jkhj-2usb-aaaf Aliases: CVE-2019-12730	aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.	7:4.1.4-1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pdga-yrz9-aaar Aliases: CVE-2020-13904	FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.	7:4.2.4-1ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-vmn5-9pwf-aaar Aliases: CVE-2019-17539	In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.	7:4.2.1-2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-urpq-5tst-aaae	libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.	CVE-2019-11338

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version