CVE-2020-21041 — Classic Buffer Overflow in Ffmpeg

CWE-120 — Classic Buffer Overflow8 documents5 sources

Severity

7.5HIGHNVD

OSV6.5

EPSS

1.7%

top 17.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Debian Linux

Timeline

PublishedMay 24

Latest updateJun 13

Description

Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/ffmpeg< ffmpeg 7:4.3.2-0+deb11u2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3.2-0+deb11u2+3

▶Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+3

▶NVDffmpeg/ffmpeg4.1

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: trac.ffmpeg.org ↗Patch: trac.ffmpeg.org ↗

🔴Vulnerability Details

OSV

ffmpeg vulnerabilities↗2022-06-13

▶

OSV

ffmpeg vulnerabilities↗2022-06-08

▶

GHSA

GHSA-4j78-4g93-cm53: Buffer Overflow vulnerability exists in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-21041: Buffer Overflow vulnerability exists in FFmpeg 4↗2021-05-24

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2022-06-13

▶

Ubuntu

FFmpeg vulnerabilities↗2022-06-08

▶

Debian

CVE-2020-21041: ffmpeg - Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in ...↗2020

▶