PT-2019-6178 · FFmpeg+3 · Ffmpeg+3

Published

2019-09-18

Updated

2023-01-02

CVE-2020-20902

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2.1

Description A CWE-125: Out-of-bounds read issue exists in the long term filter function in g729postfilter.c during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. This vulnerability is related to a buffer data out-of-bounds read in the g729postfilter.c component of the FFmpeg multimedia library. Exploitation of this issue could allow a remote attacker to access confidential data.

Recommendations For FFmpeg version 4.2.1, consider disabling the long term filter function in g729postfilter.c as a temporary workaround until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-1014

ALT-PU-2020-2032

BDU:2022-01678

CVE-2020-20902

DLA-3010-1

DSA-4722-1

OPENSUSE-SU-2021:3521-1

OPENSUSE-SU-2021_3521-1

SUSE-SU-2021:3521-1

SUSE-SU-2023:0005-1

USN-5167-1

Affected Products

Alt Linux

Ffmpeg

Suse

Ubuntu

PT-2019-6178 · FFmpeg+3 · Ffmpeg+3

CVE-2020-20902

Weakness Enumeration

Related Identifiers

Affected Products

References · 221