CVE-2020-22029

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2

Description The issue is related to a heap-based Buffer Overflow vulnerability in the slice get derivative function of the FFmpeg library. This vulnerability can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability is associated with a buffer overflow, which may lead to memory corruption and other potential consequences.

Recommendations For FFmpeg version 4.2, consider disabling the slice get derivative function as a temporary workaround until a patch is available. Restrict access to the libavfilter/vf colorconstancy.c module to minimize the risk of exploitation. Avoid using the crossfade samples fltp function in conjunction with slice get derivative until the issue is resolved.