user/ffmpeg: multiple vulnerabilities
Bugzilla ID | 156 |
Alias(es) | CVE-2019-13312, CVE-2019-13390, CVE-2019-15942, CVE-2020-12284 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 07:16:08 -0500 |
Modified | 2020-05-10 10:16:24 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description

CVE-2019-13312: https://nvd.nist.gov/vuln/detail/CVE-2019-13312
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based
buffer over-read.

CVE-2019-13390: https://nvd.nist.gov/vuln/detail/CVE-2019-13390
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in
libavformat/rawenc.c. This may be related to two NULL pointers passed
as arguments at libavcodec/frame_thread_encoder.c.