CVE-2020-22020 — Classic Buffer Overflow in Ffmpeg

CWE-120 — Classic Buffer Overflow8 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

2.3%

top 15.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Debian Linux

Timeline

PublishedMay 26

Latest updateJun 13

Description

Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+3

▶NVDffmpeg/ffmpeg4.2

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

OSV

ffmpeg vulnerabilities↗2022-06-13

▶

OSV

ffmpeg vulnerabilities↗2022-06-08

▶

GHSA

GHSA-8pmh-46hf-c4rr: Buffer Overflow vulnerability in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-22020: Buffer Overflow vulnerability in FFmpeg 4↗2021-05-26

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2022-06-13

▶

Ubuntu

FFmpeg vulnerabilities↗2022-06-08

▶

Debian

CVE-2020-22020: ffmpeg - Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in li...↗2020

▶