PT-2021-6725 · FFmpeg+5 · Ffmpeg+5

Published: 2019-09-11 · Updated: 2022-06-13 · CVE-2020-21688

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FFmpeg version 4.2

Description

A heap-use-after-free issue in the av_freep function of the libavutil/mem.c component in FFmpeg allows attackers to execute arbitrary code, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations

For FFmpeg version 4.2, consider updating to a newer version that addresses this issue, as the current version allows for the execution of arbitrary code due to the heap-use-after-free vulnerability in the av_freep function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2678
BDU:2022-02095
CVE-2020-21688
DLA-3010-1
DSA-4998-1
DSA-5126-1
OPENSUSE-SU-2021:2919-1
OPENSUSE-SU-2021_2919-1
SUSE-SU-2021:2919-1
SUSE-SU-2021:2929-1
USN-5167-1
USN-5472-1

Affected Products

Alt Linux
Astra Linux
Ffmpeg
Linuxmint
Suse
Ubuntu