Debian FFmpeg vulnerabilities

508 known vulnerabilities affecting debian/ffmpeg.

Total CVEs: 508
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 60, HIGH 117, MEDIUM 118, LOW 213

Vulnerabilities

CVE-2020-22028 | MEDIUM | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22028 [MEDIUM]: ffmpeg - Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-35964 | MEDIUM | CVSS 6.5 | fixed in ffmpeg 7:4.3.1-6 (bookworm) | 2020
CVE-2020-35964 [MEDIUM]: ffmpeg - track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
Scope: local
bookworm: resolved (fixed in 7:4.3.1-6); bullseye: resolved (fixed in 7:4.3.1-6); forky: resolved (fixed in 7:4.3.1-6); sid: resolved (fixed in 7:4.3.1-6); trixie: resolved (fixed in 7:4.3.1-6)

CVE-2020-13904 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:4.3.1-1 (bookworm) | 2020
CVE-2020-13904 [MEDIUM]: ffmpeg - FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
Scope: local
bookworm: resolved (fixed in 7:4.3.1-1); bullseye: resolved (fixed in 7:4.3.1-1); forky: resolved (fixed in 7:4.3.1-1); si

CVE-2020-22051 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22051 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22043 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22043 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-20450 | LOW | CVSS 7.5 | fixed in ffmpeg 7:4.4-5 (bookworm) | 2020
CVE-2020-20450 [HIGH]: ffmpeg - FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.
Scope: local
bookworm: resolved (fixed in 7:4.4-5); bullseye: resolved (fixed in 7:4.3.3-0+deb11u1); forky: resolved (fixed in 7:4.4-5); sid: resolved (fixed in 7:4.4-5); trixie: resolved (fixed in 7:4.4-5)

CVE-2020-20451 | LOW | CVSS 7.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-20451 [HIGH]: ffmpeg - Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22037 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.4.1-1 (bookworm) | 2020
CVE-2020-22037 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
Scope: local
bookworm: resolved (fixed in 7:4.4.1-1); bullseye: resolved (fixed in 7:4.3.3-0+deb11u1); forky: resolved (fixed in 7:4.4.1-1); sid: resolved (fixed in 7:4.4.1-1); trixie: resolved (fixed in 7:4.4.1-1)

CVE-2020-22039 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22039 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22054 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22054 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-20898 | LOW | CVSS 8.8 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-20898 [HIGH]: ffmpeg - Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in

CVE-2020-22056 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22056 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-20445 | LOW | CVSS 6.5 | fixed in ffmpeg 7:5.0.1-2 (bookworm) | 2020
CVE-2020-20445 [MEDIUM]: ffmpeg - FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
Scope: local
bookworm: resolved (fixed in 7:5.0.1-2); bullseye: resolved (fixed in 7:4.3.3-0+deb11u1); forky: resolved (fixed in 7:5.0.1-2); sid: resolved (fixed in 7:5.0.1-2); trixie: resolved (fixed in 7:5.0.1-2)

CVE-2020-22046 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22046 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-20446 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.4.1-1 (bookworm) | 2020
CVE-2020-20446 [MEDIUM]: ffmpeg - FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
Scope: local
bookworm: resolved (fixed in 7:4.4.1-1); bullseye: resolved (fixed in 7:4.3.3-0+deb11u1); forky: resolved (fixed in 7:4.4.1-1); sid: resolved (fixed in 7:4.4.1-1); trixie: resolved (fixed in 7:4.4.1-1)

CVE-2020-22040 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22040 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the v_frame_alloc function in frame.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22049 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22049 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-22048 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.3-2 (bookworm) | 2020
CVE-2020-22048 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
Scope: local
bookworm: resolved (fixed in 7:4.3-2); bullseye: resolved (fixed in 7:4.3-2); forky: resolved (fixed in 7:4.3-2); sid: resolved (fixed in 7:4.3-2); trixie: resolved (fixed in 7:4.3-2)

CVE-2020-24995 | LOW | CVSS 7.8 | 2020
CVE-2020-24995 [HIGH]: ffmpeg - Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved

CVE-2020-22038 | LOW | CVSS 6.5 | fixed in ffmpeg 7:4.4-5 (bookworm) | 2020
CVE-2020-22038 [MEDIUM]: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.
Scope: local
bookworm: resolved (fixed in 7:4.4-5); bullseye: open; forky: resolved (fixed in 7:4.4-5); sid: resolved (fixed in 7:4.4-5); trixie: resolved (fixed in 7:4.4-5)