Out-of-bounds Write Affecting ffmpeg package, versions <7:4.2.4-1ubuntu0.1
Threat Intelligence
EPSS
4.98% (93rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU2004-FFMPEG-584311
- published 30 Apr 2020
- disclosed 28 Apr 2020
Introduced: 28 Apr 2020
CVE-2020-12284 Open this link in a new tabHow to fix?
Upgrade Ubuntu:20.04 ffmpeg to version 7:4.2.4-1ubuntu0.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream ffmpeg package and not the ffmpeg package as distributed by Ubuntu.
See How to fix? for Ubuntu:20.04 relevant fixed versions and status.
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-12284
- https://www.debian.org/security/2020/dsa-4722
- https://security-tracker.debian.org/tracker/CVE-2020-12284
- https://security.gentoo.org/glsa/202007-58
- https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
- https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99
- https://usn.ubuntu.com/4431-1/
CVSS Scores
version 3.1