| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-13904 | 4.3 |
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
|
07-10-2022 - 01:27 | 07-06-2020 - 19:15 | |
| CVE-2020-12284 | 10.0 |
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
|
29-04-2022 - 13:25 | 28-04-2020 - 06:15 | |
| CVE-2019-17542 | 7.5 |
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
|
21-07-2021 - 11:39 | 14-10-2019 - 02:15 | |
| CVE-2019-17539 | 7.5 |
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
|
10-06-2021 - 13:58 | 14-10-2019 - 02:15 | |
| CVE-2019-13390 | 4.3 |
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
|
27-07-2020 - 19:15 | 07-07-2019 - 22:15 |