Debian Ffmpeg vulnerabilities

CVE-2023-6602 [MEDIUM] CVE-2023-6602: ffmpeg - A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible dat... A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. Scope: local bookworm: resolved (fixed in 7:5.1.7-0+deb12u1) bullseye: resolved (fixed in 7:4.3.9-0+deb11u1) forky: resolved (fixed in 7:7.1.1-1) sid: resolved (fixed in 7:7.1.1-1) trixie: resolved (fix

CVE-2023-46407 [MEDIUM] CVE-2023-46407: ffmpeg - FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via... FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2023-51791 [HIGH] CVE-2023-51791: ffmpeg - Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local att... Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 7:7.0.1-3) sid: resolved (fixed in 7:7.0.1-3) trixie: resolved (fixed in 7:7.0.1-3)

CVE-2023-47470 [HIGH] CVE-2023-47470: ffmpeg - Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210... Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie:

CVE-2023-50009 [HIGH] CVE-2023-50009: ffmpeg - FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gauss... FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 7:7.0.1-3) sid: resolved (fixed in 7:7.0.1-3) trixie: resolved (fixed in 7:7.0.1-3)

CVE-2023-51797 [MEDIUM] CVE-2023-51797: ffmpeg - Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local att... Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 7:7.0.1-3) sid: resolved (fixed in 7:7.0.1-3) trixie: resolved (fixed in 7:7.0.1-3)

CVE-2023-51796 [LOW] CVE-2023-51796: ffmpeg - Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local att... Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 7:7.0.1-3) sid: resolved (fixed in 7:7.0.1-3) trixie: resolved (fixed in 7:7.0.1-3)

CVE-2023-49501 [HIGH] CVE-2023-49501: ffmpeg - Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local atta... Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 7:7.0.1-3) sid: resolved (fixed in 7:7.0.1-3) trixie: resolved (fixed in 7:7.0.1-3)

CVE-2022-2566 [CRITICAL] CVE-2022-2566: ffmpeg - A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size c... A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a ma

CVE-2022-4907 [HIGH] CVE-2022-4907: chromium - Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a re... Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 108.0.5359.71-1) bullseye: resolved (fixed in 108.0.5359.71-2~deb11u1) forky: resolved (fixed in 108.0.5359.71-1) sid: resolved

CVE-2022-48434 [HIGH] CVE-2022-48434: ffmpeg - libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other prod... libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). Scope: local bookworm: resolved (fixed in 7:5.1.2

CVE-2022-3109 [HIGH] CVE-2022-3109: ffmpeg - An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavco... An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. Scope: local bookworm: resolved (fixed in 7:5.1-1) bullseye: resolved (fixed in 7:4.3.6-0+deb11u1) forky: resolved (fixed in 7:5.1-1) sid: resolved (fixed in 7:5.1-1)

CVE-2022-3964 [MEDIUM] CVE-2022-3964: ffmpeg - A vulnerability classified as problematic has been found in ffmpeg. This affects... A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is re

CVE-2022-1475 [MEDIUM] CVE-2022-1475: ffmpeg - An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and ... An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. Scope: local bookworm: resolved (fixed in 7:4.4.2-1) bullseye: resolved (fixed in 7:4.3.4-0+deb11u1) forky: resolved (fixed in 7:4.4.2-1) sid: resolved (fixed in 7:4.4.2-1) trixie: resolved

CVE-2022-3341 [MEDIUM] CVE-2022-3341: ffmpeg - A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_heade... A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. Scope: local bookworm: resolved (fixed in 7:5.1-1) bullseye: resolved

CVE-2022-3965 [MEDIUM] CVE-2022-3965: ffmpeg - A vulnerability classified as problematic was found in ffmpeg. This vulnerabilit... A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b3

CVE-2021-38114 [CRITICAL] CVE-2021-38114: ffmpeg - libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_... libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. Scope: local bookworm: resolved (fixed in 7:4.4.1-1) bullseye: resolved (fixed in 7:4.3.3-0+deb11u1) forky: resolved (fixed in 7:4.4.1-1) sid: resolved (fixed in 7:4.4.1-1) trixie: resolved (fixed in 7:4.4.1-1)

CVE-2021-38171 [CRITICAL] CVE-2021-38171: ffmpeg - adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the ... adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. Scope: local bookworm: resolved (fixed in 7:4.4.1-1) bullseye: resolved (fixed in 7:4.3.3-0+deb11u1) forky: resolved (fixed in 7:4.4.1-1) sid: resolved (fixed in 7:4.4.1-

CVE-2021-3566 [MEDIUM] CVE-2021-3566: ffmpeg - Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' functio... Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). Scope: local bookw

CVE-2021-28429 [MEDIUM] CVE-2021-28429: ffmpeg - Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.... Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. Scope: local bookworm: resolved (fixed in 7:4.4-5) bullseye: resolved (fixed in 7:4.3.3-0+deb11u1) forky: resolved (fixed in 7:4.4-5) sid: resolved (fixed in 7:4.4-5) trixie: reso