CVE-2020-20892 — Divide By Zero in Ffmpeg

CWE-369 — Divide By Zero6 documents5 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.3%

top 43.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedSep 20

Latest updateJun 13

Description

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm4

▶NVDffmpeg/ffmpeg4.2.1

🔴Vulnerability Details

OSV

ffmpeg vulnerabilities↗2022-06-13

▶

GHSA

GHSA-pjpj-c8p5-7mqj: An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection↗2022-05-24

▶

OSV

CVE-2020-20892: An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection↗2021-09-20

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2022-06-13

▶

Debian

CVE-2020-20892: ffmpeg - An issue was discovered in function filter_frame in libavfilter/vf_lenscorrectio...↗2020

▶