CVE-2020-22040 — Missing Release of Memory after Effective Lifetime in Ffmpeg

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 56.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 1

Latest updateOct 12

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm6+3

OSV

ffmpeg vulnerabilities↗2023-10-12

▶

OSV

ffmpeg vulnerabilities↗2022-06-13

▶

GHSA

GHSA-3r7h-wxv5-qw3v: A Denial of Service vulnerability exists in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-22040: A Denial of Service vulnerability exists in FFmpeg 4↗2021-06-01

▶

Ubuntu

FFmpeg vulnerabilities↗2023-10-12

▶

Ubuntu

FFmpeg vulnerabilities↗2022-06-13

▶

Debian

CVE-2020-22040: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in ...↗2020

▶