Debian Ffmpeg vulnerabilities

CVE-2021-38291 [HIGH] CVE-2021-38291: ffmpeg - FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers fro... FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. Scope: local bookworm: resolved (fixed in 7:4.4.1-1) bullseye: resolved (fixed in 7:4.3.3-0+deb11u1) forky: resolved (fixed in 7:4.4.1-1) sid: resolved (fixed in 7:4.4.1-1) trixie: resolved (fixed in 7:4.4.1-1)

CVE-2021-38092 [HIGH] CVE-2021-38092: ffmpeg - Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_conv... Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:

CVE-2021-38093 [HIGH] CVE-2021-38093: ffmpeg - Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convo... Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4

CVE-2021-38090 [HIGH] CVE-2021-38090: ffmpeg - Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_co... Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in

CVE-2021-38091 [HIGH] CVE-2021-38091: ffmpeg - Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_conv... Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:

CVE-2021-38094 [HIGH] CVE-2021-38094: ffmpeg - Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convol... Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.

CVE-2021-33815 [HIGH] CVE-2021-33815: ffmpeg - dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array a... dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2021-30123 [HIGH] CVE-2021-30123: ffmpeg - FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a cr... FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2020-12284 [CRITICAL] CVE-2020-12284: ffmpeg - cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a h... cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. Scope: local bookworm: resolved (fixed in 7:4.2.3-1) bullseye: resolved (fixed in 7:4.2.3-1) forky: resolved (fixed in 7:4.2.3-1) sid: resolved (fixed in 7:4.2.3-1) trixie: resolved (fixed in

CVE-2020-22035 [HIGH] CVE-2020-22035: ffmpeg - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row... A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-

CVE-2020-22023 [HIGH] CVE-2020-22023: ffmpeg - A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame... A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed

CVE-2020-21041 [HIGH] CVE-2020-21041: ffmpeg - Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in ... Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service Scope: local bookworm: resolved (fixed in 7:4.3.2-0+deb11u2) bullseye: resolved (fixed in 7:4.3.2-0+deb11u2) forky: resolved (fixed in 7:4.3.2-0+deb11u2) sid: resolved (fixed in 7:4.3.2-0+deb11u2) trixi

CVE-2020-22031 [HIGH] CVE-2020-22031: ffmpeg - A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/v... A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed

CVE-2020-20892 [HIGH] CVE-2020-20892: ffmpeg - An issue was discovered in function filter_frame in libavfilter/vf_lenscorrectio... An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: r

CVE-2020-14212 [HIGH] CVE-2020-14212: ffmpeg - FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavform... FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. Scope: local bookworm: resolved (fixed in 7:4.3.1-1) bullseye: resolved (fixed in 7:4.3.1-1) forky: resolved (fixed in 7:4.3.1-1) sid: resolved (fixed in 7:4.3.1-1) trixie: resol

CVE-2020-22032 [HIGH] CVE-2020-22032: ffmpeg - A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_e... A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4

CVE-2020-21688 [HIGH] CVE-2020-21688: ffmpeg - A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 ... A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. Scope: local bookworm: resolved (fixed in 7:4.4-5) bullseye: resolved (fixed in 7:4.3.3-0+deb11u1) forky: resolved (fixed in 7:4.4-5) sid: resolved (fixed in 7:4.4-5) trixie: resolved (fixed in 7:4.4-5)

CVE-2020-35965 [HIGH] CVE-2020-35965: ffmpeg - decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write beca... decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. Scope: local bookworm: resolved (fixed in 7:4.3.1-6) bullseye: resolved (fixed in 7:4.3.1-6) forky: resolved (fixed in 7:4.3.1-6) sid: resolved (fixed in 7:4.3.1-6) trixie: resolved (fixed in 7:4.3.1-6)

CVE-2020-22015 [HIGH] CVE-2020-22015: ffmpeg - Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the ou... Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. Scope: local bookworm: resolved (fixed in 7:4.3.2-0+deb11u2) bullseye: resolved (fixed in 7:4.3.2-0+deb11u2) forky: resolved (fi

CVE-2020-22029 [HIGH] CVE-2020-22029: ffmpeg - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/v... A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fix