PT-2019-6402 · FFmpeg+4 · Ffmpeg+4

Published

2019-08-26

Updated

2022-06-13

CVE-2020-20451

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2

Description The issue is related to a component of the FFmpeg multimedia library, specifically fftools/cmdutils.c, which is associated with incorrect memory deallocation before removing the last reference. This allows a remote attacker to cause a denial of service. The problem stems from resource management errors.

Recommendations For FFmpeg version 4.2, consider applying configuration changes or workarounds to minimize the risk of exploitation, such as restricting access to resources that could be affected by the denial of service issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-2678

BDU:2023-07816

CVE-2020-20451

DLA-2818-1

OPENSUSE-SU-2021:2322-1

OPENSUSE-SU-2021_2322-1

SUSE-SU-2021:2322-1

SUSE-SU-2021:2929-1

USN-5167-1

Affected Products

Alt Linux

Astra Linux

Ffmpeg

Suse

Ubuntu

PT-2019-6402 · FFmpeg+4 · Ffmpeg+4

CVE-2020-20451

Weakness Enumeration

Related Identifiers

Affected Products

References · 291