PT-2020-6396 · FFmpeg+1 · Ffmpeg+1

Published: 2020-06-07 · Updated: 2026-02-06 · CVE-2020-24020

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FFmpeg version 4.2.3

Description

The issue is a Buffer Overflow vulnerability in the dnn_execute_layer_pad function of the libavfilter/dnn/dnn_backend_native_layer_pad.c component. The function calls memcpy without proper length checks, which could allow a remote malicious user to execute arbitrary code. Exploitation of this vulnerability may also enable the attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For FFmpeg version 4.2.3, consider disabling the dnn_execute_layer_pad function in the libavfilter/dnn/dnn_backend_native_layer_pad.c component as a temporary workaround until a patch is available. Restrict access to the libavfilter module to minimize the risk of exploitation. Avoid using the memcpy function without proper length checks in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2361
ALT-PU-2020-2427
BDU:2021-04596
CLEANSTART-2026-EZ98723
CLEANSTART-2026-PS82605
CLEANSTART-2026-XE32069
CVE-2020-24020

Affected Products

Alt Linux
Ffmpeg