PT-2019-6245 · FFmpeg+4 · Ffmpeg+4

Published

2019-09-11

Updated

2022-06-13

CVE-2020-22054

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2

Description A Denial of Service issue exists due to a memory leak in the av dict set function in dict.c. This is caused by incorrect memory deallocation before removing the last reference, allowing a remote attacker to cause a denial of service.

Recommendations For FFmpeg version 4.2, as a temporary workaround, consider disabling the av dict set function until a patch is available. Restrict access to the dict.c component to minimize the risk of exploitation.

Exploit

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-2678

BDU:2022-05882

CVE-2020-22054

DLA-2818-1

DSA-4990-1

OPENSUSE-SU-2021:2919-1

OPENSUSE-SU-2021_2919-1

SUSE-SU-2021:2919-1

SUSE-SU-2021:2929-1

USN-5167-1

Affected Products

Alt Linux

Astra Linux

Ffmpeg

Suse

Ubuntu

PT-2019-6245 · FFmpeg+4 · Ffmpeg+4

CVE-2020-22054

Weakness Enumeration

Related Identifiers

Affected Products

References · 277