Shodan
Vulnerabilities
Vulnerable Software
Ffmpeg:  >> Ffmpeg  Security Vulnerabilities
CVE-2020-20892
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-09-20
CVE-2021-38171
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVSS Score
9.8
EPSS Score
0.002
Published
2021-08-21
CVE-2021-38291
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-08-12
CVE-2020-21688
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-08-10
CVE-2020-21697
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-08-10
CVE-2021-3566
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
CVSS Score
5.5
EPSS Score
0.001
Published
2021-08-05
CVE-2021-38114
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-08-04
CVE-2021-33815
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-06-03
CVE-2020-22054
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
CVSS Score
6.5
EPSS Score
0.016
Published
2021-06-02
CVE-2020-22056
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-06-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved