CVE-2020-22037

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2

Description The issue is related to a memory leak in the avcodec alloc context3 function at options.c in the FFmpeg library. This leak occurs due to incorrect memory deallocation before the last reference is removed. Exploitation of this issue allows a remote attacker to cause a denial of service.

Recommendations For FFmpeg version 4.2, consider disabling the avcodec alloc context3 function as a temporary workaround until a patch is available. Restrict access to the options.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-2678

ALT-PU-2021-3508

ALT-PU-2021-3575

BDU:2022-05881

CLEANSTART-2026-EZ98723

CLEANSTART-2026-PS82605

CLEANSTART-2026-XE32069

CVE-2020-22037

DLA-2818-1

DSA-4990-1

DSA-4998-1

MGASA-2021-0495

OESA-2025-1771

OESA-2025-1772

OESA-2025-1773

OPENSUSE-SU-2021:3521-1

OPENSUSE-SU-2021_3521-1

OPENSUSE-SU-2024:11548-1

OPENSUSE-SU-2025_1128-1

SUSE-SU-2021:3521-1

SUSE-SU-2023:0005-1

SUSE-SU-2025:1128-1

SUSE-SU-2025_1128-1

USN-5167-1

USN-5472-1

Affected Products

Alt Linux

Astra Linux

Ffmpeg

Linuxmint

Suse

Ubuntu

CVE-2020-22037

Weakness Enumeration

Related Identifiers

Affected Products

References · 275