CVE-2020-22051 — Missing Release of Memory after Effective Lifetime in Ffmpeg

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 56.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 2

Latest updateOct 12

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm6+2

OSV

ffmpeg vulnerabilities↗2023-10-12

▶

GHSA

GHSA-8rfm-2pfj-5pq2: A Denial of Service vulnerability exists in FFmpeg 4↗2022-05-24

▶

OSV

CVE-2020-22051: A Denial of Service vulnerability exists in FFmpeg 4↗2021-06-02

▶

Ubuntu

FFmpeg vulnerabilities↗2023-10-12

▶

Debian

CVE-2020-22051: ffmpeg - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in t...↗2020

▶