What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2021-38092.

What component of Ffmpeg is affected by this vulnerability?

The function filter_prewitt in libavfilter/vf_convolution.c is affected by this vulnerability.

What is the severity of CVE-2021-38092?

The severity of CVE-2021-38092 is high, with a CVSS score of 8.8.

What are the possible impacts of this vulnerability?

This vulnerability can cause a Denial of Service or other unspecified impacts.

How can I fix this vulnerability in Ffmpeg 4.2.1?

To fix this vulnerability, upgrade Ffmpeg to version 7:4.2.7-0ubuntu0.1+ or higher.

Are there any additional references for CVE-2021-38092?

Yes, you can refer to these sources for more information: [Git Commit](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23), [FFmpeg Ticket](https://trac.ffmpeg.org/ticket/8263), and [CVE Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38092).

Vulnerability/
CVE-2021-38092

high

8.8

CWE

190

20/9/2021

4/8/2024

CVE-2021-38092: Integer Overflow

First published: Mon Sep 20 2021(Updated: )

Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/ffmpeg	<=7:4.1.9-0+deb10u1<=7:4.1.11-0+deb10u1	7:4.3.6-0+deb11u1 7:5.1.4-0+deb12u1 7:6.1.1-1
ubuntu/ffmpeg	<7:4.2.7-0ubuntu0.1+	7:4.2.7-0ubuntu0.1+
FFmpeg FFmpeg	=4.2.1

Remedy

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6449-1

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-38092.
What component of Ffmpeg is affected by this vulnerability?
The function filter_prewitt in libavfilter/vf_convolution.c is affected by this vulnerability.
What is the severity of CVE-2021-38092?
The severity of CVE-2021-38092 is high, with a CVSS score of 8.8.
What are the possible impacts of this vulnerability?
This vulnerability can cause a Denial of Service or other unspecified impacts.
How can I fix this vulnerability in Ffmpeg 4.2.1?
To fix this vulnerability, upgrade Ffmpeg to version 7:4.2.7-0ubuntu0.1+ or higher.
Are there any additional references for CVE-2021-38092?
Yes, you can refer to these sources for more information: [Git Commit](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23), [FFmpeg Ticket](https://trac.ffmpeg.org/ticket/8263), and [CVE Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38092).

agent/references
agent/author
agent/type
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/usn-cve
source/Ubuntu
agent/remedy
agent/severity
agent/first-publish-date
agent/event
agent/weakness
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
package-manager/debian
package-manager/ubuntu
vendor/ffmpeg
canonical/ffmpeg ffmpeg
version/ffmpeg ffmpeg/4.2.1