FFmpegn4.0.2: 61 vulnerabilities (highest severity is: 9.8)

[mend-for-github-com[bot]]

Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_fieldmatch.c /release/src/router/ffmpeg/libavfilter/vf_fieldmatch.c

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (FFmpegn4.0.2 version)	Remediation Possible**
CVE-2019-17539	Critical	9.8	FFmpegn4.0.2	Direct	n4.2	❌
CVE-2019-17542	Critical	9.8	FFmpegn4.0.2	Direct	n4.2	❌
CVE-2021-38171	Critical	9.8	FFmpegn4.0.2	Direct	ffmpeg - 7:4.3.3-0+deb11u1,7:4.1.8-0+deb10u1,7:3.2.16-1+deb9u1,7:4.4.1-1	❌
CVE-2020-22023	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22022	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22025	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22027	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-21688	High	8.8	FFmpegn4.0.2	Direct	n4.4	❌
CVE-2020-22017	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22032	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22031	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22036	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-20892	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-20891	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-33815	High	8.8	FFmpegn4.0.2	Direct	N/A	❌
CVE-2020-22030	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2019-13312	High	8.8	FFmpegn4.0.2	Direct	n4.2	❌
CVE-2019-11339	High	8.8	FFmpegn4.0.2	Direct	n4.0.4	❌
CVE-2020-20896	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-20898	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-38093	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-38094	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2019-15942	High	8.8	FFmpegn4.0.2	Direct	n4.2.1	❌
CVE-2020-22016	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-30123	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-38090	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-38091	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2021-38092	High	8.8	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2018-13305	High	8.1	FFmpegn4.0.2	Direct	n4.1	❌
CVE-2022-48434	High	8.1	FFmpegn4.0.2	Direct	v5.1.2	❌
CVE-2020-24995	High	7.8	FFmpegn4.0.2	Direct	N/A	❌
CVE-2022-3109	High	7.5	FFmpegn4.0.2	Direct	n5.1	❌
CVE-2020-20450	High	7.5	FFmpegn4.0.2	Direct	n4.4	❌
CVE-2020-20451	High	7.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-35965	High	7.5	FFmpegn4.0.2	Direct	ffmpeg - 7:3.2.15-0+deb9u2,7:4.3.1-6,7:4.1.8-0+deb10u1,7:4.3.1-6	❌
CVE-2018-15822	High	7.5	FFmpegn4.0.2	Direct	n4.0.3	❌
CVE-2021-38291	High	7.5	FFmpegn4.0.2	Direct	ffmpeg - 7:4.3.3-0+deb11u1,7:4.1.8-0+deb10u1,7:3.2.16-1+deb9u1,7:4.4.1-1	❌
CVE-2020-21041	High	7.5	FFmpegn4.0.2	Direct	n4.3.2	❌
CVE-2020-22020	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-21697	Medium	6.5	FFmpegn4.0.2	Direct	n4.4	❌
CVE-2020-22026	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2019-9721	Medium	6.5	FFmpegn4.0.2	Direct	n4.1.1	❌
CVE-2020-22038	Medium	6.5	detected in multiple dependencies	Direct	n4.3	❌
CVE-2018-1999012	Medium	6.5	FFmpegn4.0.2	Direct	n4.0.2	❌
CVE-2020-22028	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22043	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22042	Medium	6.5	FFmpegn4.0.2	Direct	n4.4	❌
CVE-2020-22044	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22046	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22049	Medium	6.5	FFmpegn4.0.2	Direct	n3.4.8, n4.0.6, n4.1.6, n4.2.3, n4.3	❌
CVE-2020-22048	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22041	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22040	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22039	Medium	6.5	FFmpegn4.0.2	Direct	n4.3	❌
CVE-2020-22054	Medium	6.5	FFmpegn4.0.2	Direct	n3.4.8, n4.0.6, n4.1.6, n4.2.3, n4.3	❌
CVE-2020-22051	Medium	6.5	FFmpegn4.0.2	Direct	n3.4.8, n4.0.6, n4.1.6, n4.2.3, n4.3	❌
CVE-2019-9718	Medium	6.5	FFmpegn4.0.2	Direct	n4.1.1	❌
CVE-2020-13904	Medium	5.5	FFmpegn4.0.2	Direct	ffmpeg - 7:3.2.15-0+deb9u1,7:4.3.1-1,7:4.3.1-1,7:4.1.6-1~deb10u1	❌
CVE-2020-23906	Medium	5.5	FFmpegn4.0.2	Direct	n4.3.1	❌
CVE-2021-38114	Medium	5.5	FFmpegn4.0.2	Direct	ffmpeg - 7:4.3.3-0+deb11u1,7:4.1.8-0+deb10u1,7:3.2.15-0+deb9u3,7:4.4.1-1	❌
CVE-2022-3341	Medium	5.3	FFmpegn4.0.2	Direct	n5.1	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (23 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2019-17539

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

Publish Date: 2019-10-14

URL: CVE-2019-17539

### CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17104

Release Date: 2019-10-14

Fix Resolution: n4.2

CVE-2019-17542

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/ffmpeg/libavcodec/vqavideo.c /release/src/router/ffmpeg/libavcodec/vqavideo.c /release/src/router/ffmpeg/libavcodec/vqavideo.c

### Vulnerability Details

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

Publish Date: 2019-10-14

URL: CVE-2019-17542

### CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17542

Release Date: 2019-10-14

Fix Resolution: n4.2

CVE-2021-38171

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavformat/adtsenc.c /release/src/router/ffmpeg/libavformat/adtsenc.c

### Vulnerability Details

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

Publish Date: 2021-08-21

URL: CVE-2021-38171

### CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-38171

Release Date: 2021-08-21

Fix Resolution: ffmpeg - 7:4.3.3-0+deb11u1,7:4.1.8-0+deb10u1,7:3.2.16-1+deb9u1,7:4.4.1-1

CVE-2020-22023

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_bitplanenoise.c /release/src/router/ffmpeg/libavfilter/vf_bitplanenoise.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22023

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8244

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-22022

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/ffmpeg/libavfilter/vf_fieldorder.c /release/src/router/ffmpeg/libavfilter/vf_fieldorder.c /release/src/router/ffmpeg/libavfilter/vf_fieldorder.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22022

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8264

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-22025

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_edgedetect.c /release/src/router/ffmpeg/libavfilter/vf_edgedetect.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22025

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8260

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-22027

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/ffmpeg/libavfilter/vf_neighbor.c /release/src/router/ffmpeg/libavfilter/vf_neighbor.c /release/src/router/ffmpeg/libavfilter/vf_neighbor.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22027

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8242

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-21688

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

Publish Date: 2021-08-10

URL: CVE-2020-21688

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8186

Release Date: 2021-08-10

Fix Resolution: n4.4

CVE-2020-22017

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_datascope.c /release/src/router/ffmpeg/libavfilter/vf_datascope.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22017

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8309

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-22032

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_edgedetect.c /release/src/router/ffmpeg/libavfilter/vf_edgedetect.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22032

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8275

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-22031

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_w3fdif.c /release/src/router/ffmpeg/libavfilter/vf_w3fdif.c

### Vulnerability Details

A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22031

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8243

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2020-22036

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/ffmpeg/libavfilter/vf_bwdif.c /release/src/router/ffmpeg/libavfilter/vf_bwdif.c /release/src/router/ffmpeg/libavfilter/vf_bwdif.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-06-01

URL: CVE-2020-22036

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22036

Release Date: 2021-06-01

Fix Resolution: n4.3

CVE-2020-20892

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/ffmpeg/libavfilter/vf_lenscorrection.c /release/src/router/ffmpeg/libavfilter/vf_lenscorrection.c /release/src/router/ffmpeg/libavfilter/vf_lenscorrection.c

### Vulnerability Details

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.

Publish Date: 2021-09-20

URL: CVE-2020-20892

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2021-09-20

Fix Resolution: n4.3

CVE-2020-20891

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_gblur.c /release/src/router/ffmpeg/libavfilter/vf_gblur.c

### Vulnerability Details

Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

Publish Date: 2021-09-20

URL: CVE-2020-20891

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2021-09-20

Fix Resolution: n4.3

CVE-2021-33815

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavcodec/exr.c /release/src/router/ffmpeg/libavcodec/exr.c

### Vulnerability Details

dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.

Publish Date: 2021-06-03

URL: CVE-2021-33815

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2020-22030

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/af_afade.c /release/src/router/ffmpeg/libavfilter/af_afade.c

### Vulnerability Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22030

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://trac.ffmpeg.org/ticket/8276

Release Date: 2021-05-27

Fix Resolution: n4.3

CVE-2019-13312

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavcodec/zmbvenc.c /release/src/router/ffmpeg/libavcodec/zmbvenc.c

### Vulnerability Details

block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.

Publish Date: 2019-07-05

URL: CVE-2019-13312

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13312

Release Date: 2019-07-05

Fix Resolution: n4.2

CVE-2019-11339

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavcodec/mpeg4videodec.c /release/src/router/ffmpeg/libavcodec/mpeg4videodec.c

### Vulnerability Details

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.

Publish Date: 2019-04-19

URL: CVE-2019-11339

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11339

Release Date: 2019-05-06

Fix Resolution: n4.0.4

CVE-2020-20896

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavformat/latmenc.c /release/src/router/ffmpeg/libavformat/latmenc.c

### Vulnerability Details

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.

Publish Date: 2021-09-20

URL: CVE-2020-20896

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2021-09-20

Fix Resolution: n4.3

CVE-2020-20898

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_convolution.c /release/src/router/ffmpeg/libavfilter/vf_convolution.c

### Vulnerability Details

Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

Publish Date: 2021-09-20

URL: CVE-2020-20898

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2021-09-20

Fix Resolution: n4.3

CVE-2021-38093

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_convolution.c /release/src/router/ffmpeg/libavfilter/vf_convolution.c

### Vulnerability Details

Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

Publish Date: 2021-09-20

URL: CVE-2021-38093

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2021-09-20

Fix Resolution: n4.3

CVE-2021-38094

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavfilter/vf_convolution.c /release/src/router/ffmpeg/libavfilter/vf_convolution.c

### Vulnerability Details

Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

Publish Date: 2021-09-20

URL: CVE-2021-38094

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2021-09-20

Fix Resolution: n4.3

CVE-2019-15942

### Vulnerable Library - FFmpegn4.0.2

Mirror of git://source.ffmpeg.org/ffmpeg.git

Library home page: https://github.com/FFmpeg/FFmpeg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/ffmpeg/libavcodec/h2645_parse.c /release/src/router/ffmpeg/libavcodec/h2645_parse.c

### Vulnerability Details

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

Publish Date: 2019-09-05

URL: CVE-2019-15942

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15942

Release Date: 2019-10-03

Fix Resolution: n4.2.1

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.