CVE-2020-22039 — Missing Release of Memory after Effective Lifetime in Ffmpeg

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 58.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 1

Latest updateOct 12

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm6+2

OSV

ffmpeg vulnerabilities↗2023-10-12

▶

GHSA

GHSA-922p-pp6v-6fw3: A Denial of Service vulnerability exists in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-22039: A Denial of Service vulnerability exists in FFmpeg 4↗2021-06-01

▶

Ubuntu

FFmpeg vulnerabilities↗2023-10-12

▶

Debian

CVE-2020-22039: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in t...↗2020

▶