PT-2021-4516 · FFmpeg

Published: 2019-09-11 · Updated: 2022-06-13 · CVE-2020-22016

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FFmpeg version 4.2
Description: A heap-based buffer overflow in FFmpeg's libavcodec/get_bits.h when writing .mov files may lead to memory corruption and other potential consequences. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations: For FFmpeg version 4.2, consider updating to a newer version that addresses this issue, since the current version may suffer memory corruption and other potential consequences when writing .mov files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2678
BDU:2021-05157
CVE-2020-22016
DLA-2742-1
DSA-4990-1
OPENSUSE-SU-2021:2322-1
OPENSUSE-SU-2021_2322-1
SUSE-SU-2021:2322-1
SUSE-SU-2021:2929-1
USN-5167-1
USN-5472-1

Affected Products

Alt Linux
Astra Linux
FFmpeg
Linux Mint
SUSE
Ubuntu