PT-2019-6261 · FFmpeg+4 · Ffmpeg+4
Publicado
2019-09-11
·
Atualizado
2022-06-13
·
CVE-2020-22049
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
FFmpeg version 4.2
Description
A Denial of Service issue exists due to a memory leak in the
wtvfile open sector function in wtvdec.c. This is caused by incorrect memory deallocation before removing the last reference, allowing a remote attacker to cause a denial of service.Recommendations
For FFmpeg version 4.2, consider disabling the
wtvfile open sector function in wtvdec.c as a temporary workaround until a patch is available. Restrict access to the wtvdec.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Memory Leak
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Ffmpeg
Suse
Ubuntu