CVE-2020-22031: Buffer Overflow
First published: Thu May 27 2021(Updated: )
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/ffmpeg | 7:4.3.7-0+deb11u1 7:4.3.8-0+deb11u1 7:5.1.6-0+deb12u1 7:7.0.2-3 7:7.1-3 | |
| FFmpeg | =4.2 | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 |
Remedy
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://trac.ffmpeg.org/attachment/ticket/8243/gdb-vf_w3fdif_191
- https://trac.ffmpeg.org/ticket/8243
- https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html
- https://www.debian.org/security/2021/dsa-4990
- https://launchpad.net/bugs/cve/CVE-2020-22031
- https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
- https://security-tracker.debian.org/tracker/CVE-2020-22031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22031
- https://nvd.nist.gov/vuln/detail/CVE-2020-22031
- https://ubuntu.com/security/CVE-2020-22031
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-22031.
Where does the vulnerability exist?
The vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low.
What are the potential consequences of this vulnerability?
The potential consequences of this vulnerability include memory corruption and other potential issues.
Which software versions are affected?
The affected software versions include FFmpeg 3.4.11-0ubuntu0.1, FFmpeg 4.2.7-0ubuntu0.1, FFmpeg 4.3, FFmpeg 2.8.17-0ubuntu0.1+, and FFmpeg 4.1.9-0+deb10u1, 4.1.11-0+deb10u1, 4.3.6-0+deb11u1, 5.1.3-1, and 6.0-7.
How can I fix this vulnerability?
To fix this vulnerability, update to the appropriate version of FFmpeg as mentioned in the affected software section.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- package-manager/debian
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/4.2
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0