Debian Ffmpeg vulnerabilities

CVE-2020-22034 [HIGH] CVE-2020-22034: ffmpeg - A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_f... A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2)

CVE-2020-24020 [HIGH] CVE-2020-24020: ffmpeg - Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavf... Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. Scope: local bookworm: resolved (fixed in 7:4.3.1-1) bullseye: resolved forky: resolved (fixed in 7:4.3.1-1) sid: resolved (fixed in 7:4.

CVE-2020-22036 [HIGH] CVE-2020-22036: ffmpeg - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra ... A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-

CVE-2020-22030 [HIGH] CVE-2020-22030: ffmpeg - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/a... A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed

CVE-2020-20896 [HIGH] CVE-2020-20896: ffmpeg - An issue was discovered in function latm_write_packet in libavformat/latmenc.c i... An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie

CVE-2020-22016 [HIGH] CVE-2020-22016: ffmpeg - A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.... A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.2.2-1) bullseye: resolved (fixed in 7:4.2.2-1) forky: resolved (fixed in 7:4.2.2-1) sid: resolved (fixed in 7:4.2.2-1) trixie: resolved (fixed i

CVE-2020-20891 [HIGH] CVE-2020-20891: ffmpeg - Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c... Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22025 [HIGH] CVE-2020-22025: ffmpeg - A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilte... A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22022 [HIGH] CVE-2020-22022: ffmpeg - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame ... A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7

CVE-2020-22017 [HIGH] CVE-2020-22017: ffmpeg - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_recta... A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in

CVE-2020-22027 [HIGH] CVE-2020-22027: ffmpeg - A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at l... A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2

CVE-2020-22021 [MEDIUM] CVE-2020-22021: ffmpeg - Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfil... Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. Scope: local bookworm: resolved (fixed in 7:4.3.2-0+deb11u2) bullseye: resolved (fixed in 7:4.3.2-0+deb11u2) forky: resolved (fixed in 7:4.3.2-0+deb11u2) sid: resolved (fixed in 7:4.3.2-0+deb11u2) trixie:

CVE-2020-22026 [MEDIUM] CVE-2020-22026: ffmpeg - Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function ... Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2

CVE-2020-22020 [MEDIUM] CVE-2020-22020: ffmpeg - Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in li... Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22019 [MEDIUM] CVE-2020-22019: ffmpeg - Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilte... Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. Scope: local bookworm: resolved (fixed in 7:4.3.2-0+deb11u2) bullseye: resolved (fixed in 7:4.3.2-0+deb11u2) forky: resolved (fixed in 7:4.3.2-0+deb11u2) sid: resolved (fixed in 7:4.3.2-0+deb11u2) trix

CVE-2020-20902 [MEDIUM] CVE-2020-20902: ffmpeg - A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function ... A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. Scope: local bookworm: resolved (fixed in 7:4.2.2-1) bullseye: resolved (fixed in 7:4.2.2-1) forky: resolved (fixed in 7:4.2.

CVE-2020-21697 [MEDIUM] CVE-2020-21697: ffmpeg - A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpege... A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. Scope: local bookworm: resolved (fixed in 7:4.4-5) bullseye: resolved (fixed in 7:4.3.3-0+deb11u1) forky: resolved (fixed in 7:4.4-5) sid: resolved (fixed in 7:4.4-5) trixie: resolved (fixed in 7:4.4-5)

CVE-2020-23906 [MEDIUM] CVE-2020-23906: ffmpeg - FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) v... FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. Scope: local bookworm: resolved (fixed in 7:4.3.1-1) bullseye: resolved (fixed in 7:4.3.1-1) forky: resolved (fixed in 7:4.3.1-1) sid: resolved (fixed in 7:4.3.1-1) trixie: resolved (fixed in 7:4.3.1-1)

CVE-2020-22033 [MEDIUM] CVE-2020-22033: ffmpeg - A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_v... A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. Scope: local bookworm: resolved (fixed in 7:4.3.2-0+deb11u2) bullseye: resolved (fixed in 7:4.3.2-0+deb11u2) forky: resolved (fixed in 7:4.3.2-0+deb11u2) sid: resolved (fixed in 7:4.3.2

CVE-2020-22024 [MEDIUM] CVE-2020-22024: ffmpeg - Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in li... Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. Scope: local bookworm: resolved (fixed in 7:4.3-2) bullseye: resolved (fixed in 7:4.3-2) forky: resolved (fixed in 7:4.3-2) sid: resolved (fixed in 7:4.3-2) trixie: resolved (fixed in 7:4.3-2)