CVE-2020-24995 — Classic Buffer Overflow in Ffmpeg

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 54.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedMar 30

Latest updateMay 24

Description

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDffmpeg/ffmpeg3.1.2

▶debiandebian/ffmpeg

Patches

Patch: trac.ffmpeg.org ↗Patch: trac.ffmpeg.org ↗Patch: trac.ffmpeg.org ↗

🔴Vulnerability Details

GHSA

GHSA-jcg4-7x25-pqcr: Buffer overflow vulnerability in sniff_channel_order function in aacdec_template↗2022-05-24

▶

📋Vendor Advisories

Debian

CVE-2020-24995: ffmpeg - Buffer overflow vulnerability in sniff_channel_order function in aacdec_template...↗2020

▶