CVE-2020-22046 — Missing Release of Memory after Effective Lifetime in Ffmpeg

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 30.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 2

Latest updateJun 13

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm4

Also affects: Debian Linux 9.0

OSV

ffmpeg vulnerabilities↗2022-06-13

▶

GHSA

GHSA-vj9r-gj66-2wxf: A Denial of Service vulnerability exists in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-22046: A Denial of Service vulnerability exists in FFmpeg 4↗2021-06-02

▶

Ubuntu

FFmpeg vulnerabilities↗2022-06-13

▶

Debian

CVE-2020-22046: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in t...↗2020

▶