CVE-2020-20445 — Divide By Zero in Ffmpeg

CWE-369 — Divide By Zero10 documents5 sources

Severity

6.5MEDIUMNVD

OSV7.5

EPSS

2.0%

top 16.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Netty Debian Ffmpeg +1 more

Timeline

PublishedMay 25

Latest updateJun 13

Description

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/ffmpeg< ffmpeg 7:5.0.1-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3.3-0+deb11u1+3

▶Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+3

▶NVDffmpeg/ffmpeg4.2

▶Ubuntunetty/netty< 1:4.1.7-4ubuntu0.1

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: trac.ffmpeg.org ↗Patch: trac.ffmpeg.org ↗

🔴Vulnerability Details

OSV

ffmpeg vulnerabilities↗2022-06-13

▶

OSV

ffmpeg vulnerabilities↗2022-06-08

▶

GHSA

GHSA-wpc4-w9pj-2v9r: FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-20445: FFmpeg 4↗2021-05-25

▶

OSV

netty vulnerabilities↗2020-10-27

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2022-06-13

▶

Ubuntu

FFmpeg vulnerabilities↗2022-06-08

▶

Debian

CVE-2020-20445: ffmpeg - FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which all...↗2020

▶