CVE-2020-20896 — NULL Pointer Dereference in Ffmpeg

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 53.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedSep 20

Latest updateMay 24

Description

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶NVDffmpeg/ffmpeg4.2.1

Patches

Patch: git.ffmpeg.org ↗Patch: git.ffmpeg.org ↗

🔴Vulnerability Details

GHSA

GHSA-f4hr-8v6m-mr63: An issue was discovered in function latm_write_packet in libavformat/latmenc↗2022-05-24

▶

OSV

CVE-2020-20896: An issue was discovered in function latm_write_packet in libavformat/latmenc↗2021-09-20

▶

📋Vendor Advisories

Debian

CVE-2020-20896: ffmpeg - An issue was discovered in function latm_write_packet in libavformat/latmenc.c i...↗2020

▶