Out-of-bounds Write Affecting ffmpeg package, versions <7:4.2.7-0ubuntu0.1
Threat Intelligence
EPSS
0.46% (76th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU2004-FFMPEG-1297837
- published 1 Dec 2021
- disclosed 27 May 2021
Introduced: 27 May 2021
CVE-2020-22029 Open this link in a new tabHow to fix?
Upgrade Ubuntu:20.04 ffmpeg to version 7:4.2.7-0ubuntu0.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream ffmpeg package and not the ffmpeg package as distributed by Ubuntu.
See How to fix? for Ubuntu:20.04 relevant fixed versions and status.
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-22029
- https://www.debian.org/security/2021/dsa-4990
- http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
- https://trac.ffmpeg.org/ticket/8250
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=a7fd1279703683ebb548ef7baa2f1519994496ae
CVSS Scores
version 3.1