CVE-2021-38094 — Integer Overflow or Wraparound in Ffmpeg

CWE-190 — Integer Overflow or Wraparound8 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedSep 20

Latest updateNov 15

Description

Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/ffmpeg< ffmpeg 7:4.3-2 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3-2+3

▶Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+esm4+5

▶NVDffmpeg/ffmpeg4.2.1

Patches

Patch: git.ffmpeg.org ↗Patch: git.ffmpeg.org ↗

🔴Vulnerability Details

OSV

ffmpeg regression↗2023-11-15

▶

OSV

ffmpeg vulnerabilities↗2023-10-24

▶

GHSA

GHSA-xjfw-c7mm-g73f: Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution↗2022-05-24

▶

OSV

CVE-2021-38094: Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution↗2021-09-20

▶

📋Vendor Advisories

Ubuntu

FFmpeg regression↗2023-11-15

▶

Ubuntu

FFmpeg vulnerabilities↗2023-10-24

▶

Debian

CVE-2021-38094: ffmpeg - Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convol...↗2021

▶