CVE-2020-22038 — Missing Release of Memory after Effective Lifetime in Ffmpeg

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.2%

top 58.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 1

Latest updateNov 15

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶debiandebian/ffmpeg< ffmpeg 7:4.4-5 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.4-5+2

▶Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+esm4+5

OSV

ffmpeg regression↗2023-11-15

▶

OSV

ffmpeg vulnerabilities↗2023-10-24

▶

GHSA

GHSA-g2j2-mm6j-gv6r: A Denial of Service vulnerability exists in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-22038: A Denial of Service vulnerability exists in FFmpeg 4↗2021-06-01

▶

Ubuntu

FFmpeg regression↗2023-11-15

▶

Ubuntu

FFmpeg vulnerabilities↗2023-10-24

▶

Debian

CVE-2020-22038: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in t...↗2020

▶