First published: Mon Sep 20 2021(Updated: )
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/ffmpeg | <7:4.2.7-0ubuntu0.1+ | 7:4.2.7-0ubuntu0.1+ |
debian/ffmpeg | <=7:4.1.9-0+deb10u1<=7:4.1.11-0+deb10u1 | 7:4.3.6-0+deb11u1 7:5.1.4-0+deb12u1 7:6.1.1-1 |
FFmpeg FFmpeg | =4.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-38093 is an Integer Overflow vulnerability in the filter_robert function in libavfilter/vf_convolution.c in Ffmpeg. It allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-38093 has a severity score of 8.8 (high).
Ffmpeg version 4.2.1 is affected by CVE-2021-38093.
To fix CVE-2021-38093, it is recommended to update Ffmpeg to version 4.2.7-0ubuntu0.1+ (for Ubuntu) or 7:4.3.6-0+deb11u1, 7:5.1.3-1, or 7:6.0-7 (for Debian).
More information about CVE-2021-38093 can be found at the following references: [Git commit](https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23), [FFmpeg ticket](https://trac.ffmpeg.org/ticket/8263), [CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38093).