ALT-PU-2024-10869-2
Closed vulnerabilities
BDU:2023-02925
Vulnerability in the libavcodec/pthread_frame.c component of the FFmpeg multimedia library, related to use of memory after it has been freed, allowing an attacker to execute arbitrary code
BDU:2023-03348
Vulnerability in the decode_main_header() function (libavformat/nutdec.c) of the FFmpeg multimedia library, allowing an attacker to cause a denial of service
BDU:2024-00245
Vulnerability in the FFmpeg multimedia library, related to access control deficiencies, allowing an attacker to escalate their privileges
Modified: 2024-11-21
CVE-2022-3341
A null pointer dereference issue was discovered in FFmpeg in the decode_main_header() function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of avformat_new_stream(), which triggers a null pointer dereference and causes the application to crash.
- https://bugzilla.redhat.com/show_bug.cgi?id=2157054
- https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e
- [debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update
Modified: 2024-11-21
CVE-2022-48434
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
- FEDORA-2023-1e24db98a6
- FEDORA-2023-32c3bbbbc9
- https://news.ycombinator.com/item?id=35356201
- GLSA-202312-14
- https://wrv.github.io/h26forge.pdf
No data currently available.
Modified: 2024-08-06
CVE-2024-7055
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.