What is the vulnerability ID for this heap-based Buffer Overflow vulnerability?

The vulnerability ID is CVE-2020-22023.

Where does the heap-based Buffer Overflow vulnerability exist in FFmpeg 4.2?

The vulnerability exists in the filter_frame function at libavfilter/vf_bitplanenoise.c in FFmpeg 4.2.

What are the potential consequences of the heap-based Buffer Overflow vulnerability?

The potential consequences include memory corruption and other issues.

Which versions of FFmpeg are affected by this vulnerability?

FFmpeg versions 3.4.11-0ubuntu0.1, 4.2.7-0ubuntu0.1, 4.3, and various versions in the Debian repository are affected.

Where can I find more information about this vulnerability?

More information about this vulnerability can be found at the following references: [CVE-2020-22023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22023), [FFmpeg Ticket #8244](https://trac.ffmpeg.org/ticket/8244), and [Ubuntu Security Notice USN-5472-1](https://ubuntu.com/security/notices/USN-5472-1).

Vulnerability/
CVE-2020-22023

high

8.8

CWE

119 787

27/5/2021

4/8/2024

CVE-2020-22023: Buffer Overflow

First published: Thu May 27 2021(Updated: )

A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/ffmpeg		7:4.3.7-0+deb11u1 7:4.3.8-0+deb11u1 7:5.1.6-0+deb12u1 7:7.0.2-3 7:7.1-3
FFmpeg	=4.2
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0

Remedy

https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this heap-based Buffer Overflow vulnerability?
The vulnerability ID is CVE-2020-22023.
Where does the heap-based Buffer Overflow vulnerability exist in FFmpeg 4.2?
The vulnerability exists in the filter_frame function at libavfilter/vf_bitplanenoise.c in FFmpeg 4.2.
What are the potential consequences of the heap-based Buffer Overflow vulnerability?
The potential consequences include memory corruption and other issues.
Which versions of FFmpeg are affected by this vulnerability?
FFmpeg versions 3.4.11-0ubuntu0.1, 4.2.7-0ubuntu0.1, 4.3, and various versions in the Debian repository are affected.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following references: [CVE-2020-22023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22023), [FFmpeg Ticket #8244](https://trac.ffmpeg.org/ticket/8244), and [Ubuntu Security Notice USN-5472-1](https://ubuntu.com/security/notices/USN-5472-1).

agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/remedy
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/references
agent/first-publish-date
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/trending
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
agent/source
package-manager/debian
vendor/ffmpeg
canonical/ffmpeg
version/ffmpeg/4.2
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0