PT-2019-6261 · FFmpeg+4 · Ffmpeg+4

Published

2019-09-11

·

Updated

2022-06-13

·

CVE-2020-22049

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2
Description A Denial of Service issue exists due to a memory leak in the wtvfile open sector function in wtvdec.c. This is caused by incorrect memory deallocation before removing the last reference, allowing a remote attacker to cause a denial of service.
Recommendations For FFmpeg version 4.2, consider disabling the wtvfile open sector function in wtvdec.c as a temporary workaround until a patch is available. Restrict access to the wtvdec.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-2678
BDU:2022-06042
CVE-2020-22049
DLA-2818-1
DSA-4990-1
OPENSUSE-SU-2021:2919-1
OPENSUSE-SU-2021_2919-1
SUSE-SU-2021:2919-1
SUSE-SU-2021:2929-1
USN-5167-1

Affected Products

Alt Linux
Astra Linux
Ffmpeg
Suse
Ubuntu