PT-2021-6540 · FFmpeg+5 · Ffmpeg+5

Published

2019-09-11

Updated

2025-07-11

CVE-2020-21697

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2

Description The issue is related to a heap-use-after-free in the mpeg mux write packet function in libavformat/mpegenc.c of FFmpeg. This allows a remote attacker to cause a denial of service (DOS) via a crafted avi file.

Recommendations For FFmpeg version 4.2, consider updating to a newer version to mitigate the risk. As a temporary workaround, avoid using the mpeg mux write packet function in libavformat/mpegenc.c until a patch is available. Restrict access to crafted avi files to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-2678

BDU:2022-01801

CVE-2020-21697

DSA-4998-1

DSA-5126-1

OESA-2025-1771

OESA-2025-1772

OESA-2025-1773

OPENSUSE-SU-2021:2919-1

OPENSUSE-SU-2021_2919-1

SUSE-SU-2021:2919-1

SUSE-SU-2021:2929-1

USN-5167-1

USN-5472-1

Affected Products

Alt Linux

Astra Linux

Ffmpeg

Linuxmint

Suse

Ubuntu

PT-2021-6540 · FFmpeg+5 · Ffmpeg+5

CVE-2020-21697

Weakness Enumeration

Related Identifiers

Affected Products

References · 152