PT-2019-6453 · FFmpeg+2 · Ffmpeg+2

Published

2019-09-11

Updated

2021-06-07

CVE-2020-22056

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2

Description A Denial of Service issue exists due to a memory leak in the config input function in af acrossover.c. This is caused by incorrect memory deallocation before removing the last reference. Exploitation of this issue can allow a remote attacker to cause a denial of service.

Recommendations For FFmpeg version 4.2, consider disabling the config input function in af acrossover.c as a temporary workaround until a patch is available. Restrict access to the af acrossover.c component to minimize the risk of exploitation. Avoid using the config input function until the issue is resolved.

Exploit

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-2678

BDU:2024-09040

CVE-2020-22056

Affected Products

Alt Linux

Astra Linux

Ffmpeg

PT-2019-6453 · FFmpeg+2 · Ffmpeg+2

CVE-2020-22056

Weakness Enumeration

Related Identifiers

Affected Products

References · 142