PT-2021-4069 · FFmpeg+1 · Ffmpeg+1
Burak Çarıkçı · Published 2021-05-27 · Updated 2026-02-06 · CVE-2021-33815
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FFmpeg version 4.4
Description
The issue is related to the dwa_uncompress function in the libavcodec/exr.c component of the FFmpeg multimedia library. It involves incorrect checking of dc_count, which can lead to an out-of-bounds array access. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For FFmpeg version 4.4, consider disabling the dwa_uncompress function in libavcodec/exr.c as a temporary workaround until a patch is available. Restrict access to the libavcodec/exr.c component to minimize the risk of exploitation. Avoid using the dc_count variable in the affected function until the issue is resolved.
Fix
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Ffmpeg