First published: Wed Jun 02 2021(Updated: )
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg FFmpeg | =4.2 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/ffmpeg | 7:4.3.7-0+deb11u1 7:5.1.6-0+deb12u1 7:7.0.2-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-22049 is Denial of Service.
CVE-2020-22049 affects FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
The affected software versions of CVE-2020-22049 include FFmpeg 3.4.8-0ubuntu0.2, FFmpeg 4.2.4-1ubuntu0.1, FFmpeg 4.3, FFmpeg 2.8.17-0ubuntu0.1+, and FFmpeg 4.1.9-0+deb10u1, 4.1.11-0+deb10u1, 4.3.6-0+deb11u1, 5.1.3-1, and 6.0-7.
To fix CVE-2020-22049 on Ubuntu, update FFmpeg to versions 3.4.8-0ubuntu0.2, 4.2.4-1ubuntu0.1, or 2.8.17-0ubuntu0.1+ depending on the version you are using.
To fix CVE-2020-22049 on Debian, update FFmpeg to versions 4.1.9-0+deb10u1, 4.1.11-0+deb10u1, 4.3.6-0+deb11u1, 5.1.3-1, or 6.0-7 depending on the version you are using.