CVE-2020-22033 - A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convo

CVE-2020-22033

Summary

A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.

References

https://trac.ffmpeg.org/ticket/8246
https://www.debian.org/security/2021/dsa-4990
https://cwe.mitre.org/data/definitions/122.html

Vulnerable Configurations

cpe:2.3:a:ffmpeg:ffmpeg:4.2:-:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:4.2:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 26-10-2022 - 18:00)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

Last major update

26-10-2022 - 18:00

Published

27-05-2021 - 19:15

Last modified

26-10-2022 - 18:00