Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-24020 (GCVE-0-2020-24020)
Vulnerability from cvelistv5 – Published: 2021-05-26 14:36 – Updated: 2024-08-04 15:05
VLAI?
EPSS
Summary
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.ffmpeg.org/ticket/8718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T14:36:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.ffmpeg.org/ticket/8718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trac.ffmpeg.org/ticket/8718",
"refsource": "MISC",
"url": "https://trac.ffmpeg.org/ticket/8718"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb",
"refsource": "MISC",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24020",
"datePublished": "2021-05-26T14:36:15.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B065434E-291D-4EAE-82AC-B747F0E93EBF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Desbordamiento del B\\u00fafer en FFMpeg versi\\u00f3n 4.2.3 en la funci\\u00f3n dnn_execute_layer_pad del archivo libavfilter/dnn/dnn_backend_native_layer_pad.c debido a una llamada a memcpy sin comprobaciones de longitud, lo que podr\\u00eda permitir a un usuario malicioso remoto ejecutar c\\u00f3digo arbitrario\"}]",
"id": "CVE-2020-24020",
"lastModified": "2024-11-21T05:14:19.433",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-05-26T15:15:07.897",
"references": "[{\"url\": \"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://trac.ffmpeg.org/ticket/8718\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://trac.ffmpeg.org/ticket/8718\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-24020\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-26T15:15:07.897\",\"lastModified\":\"2024-11-21T05:14:19.433\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Desbordamiento del B\u00fafer en FFMpeg versi\u00f3n 4.2.3 en la funci\u00f3n dnn_execute_layer_pad del archivo libavfilter/dnn/dnn_backend_native_layer_pad.c debido a una llamada a memcpy sin comprobaciones de longitud, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B065434E-291D-4EAE-82AC-B747F0E93EBF\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://trac.ffmpeg.org/ticket/8718\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://trac.ffmpeg.org/ticket/8718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
WID-SEC-W-2022-0210
Vulnerability from csaf_certbund - Published: 2021-05-26 22:00 - Updated: 2025-03-19 23:00Summary
ffmpeg: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es ermöglichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enthält es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verfügung stellt.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen offenzulegen oder beliebigen Code auszuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es erm\u00f6glichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enth\u00e4lt es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0210 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0210.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0210 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0210"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22028"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22026"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22024"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22020"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"category": "external",
"summary": "NIST - NATIONAL VULNERABILITY DATABASE vom 2021-05-26",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2322-1 vom 2021-07-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009140.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2742 vom 2021-08-15",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2929-1 vom 2021-09-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009391.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4990 vom 2021-10-20",
"url": "https://www.debian.org/security/2021/dsa-4990"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5472-1 vom 2022-06-09",
"url": "https://ubuntu.com/security/notices/USN-5472-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6430-1 vom 2023-10-12",
"url": "https://ubuntu.com/security/notices/USN-6430-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1907-1 vom 2024-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018648.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1909-1 vom 2024-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018646.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14880-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KUNBIIMZPO2CYNFZN23VHMH6CASEJ5YD/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0958-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020566.html"
}
],
"source_lang": "en-US",
"title": "ffmpeg: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-19T23:00:00.000+00:00",
"generator": {
"date": "2025-03-20T09:23:16.712+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0210",
"initial_release_date": "2021-05-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-05-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-07-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-08-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-09-02T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-10-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-06-08T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-10-12T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=4.2.3",
"product": {
"name": "Open Source ffmpeg \u003c=4.2.3",
"product_id": "753371"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.2.3",
"product": {
"name": "Open Source ffmpeg \u003c=4.2.3",
"product_id": "753371-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.2",
"product": {
"name": "Open Source ffmpeg \u003c=4.2",
"product_id": "T014950"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.2",
"product": {
"name": "Open Source ffmpeg \u003c=4.2",
"product_id": "T014950-fixed"
}
}
],
"category": "product_name",
"name": "ffmpeg"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-22015",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22015"
},
{
"cve": "CVE-2020-22019",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22019"
},
{
"cve": "CVE-2020-22020",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22020"
},
{
"cve": "CVE-2020-22021",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22021"
},
{
"cve": "CVE-2020-22024",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22024"
},
{
"cve": "CVE-2020-22026",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22026"
},
{
"cve": "CVE-2020-22028",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-22028"
},
{
"cve": "CVE-2020-24020",
"product_status": {
"known_affected": [
"2951",
"T002207",
"753371",
"T000126",
"T027843",
"T014950"
]
},
"release_date": "2021-05-26T22:00:00.000+00:00",
"title": "CVE-2020-24020"
}
]
}
BDU:2021-04596
Vulnerability from fstec - Published: 07.06.2020
VLAI Severity ?
Title
Уязвимость функции dnn_execute_layer_pad компонента libavfilter/dnn/dnn_backend_native_layer_pad.c мультимедийной библиотеки FFmpeg, связанная с переполнением буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость функции dnn_execute_layer_pad компонента libavfilter/dnn/dnn_backend_native_layer_pad.c мультимедийной библиотеки FFmpeg связана с переполнением буфера в памяти из-за отсутствия проверки размера данных при вызове memcpy. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, FFmpeg team
Software Name
Debian GNU/Linux, FFmpeg
Software Version
9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), от 4.2.3 до 4.3 (FFmpeg)
Possible Mitigations
Для FFmpeg:
использование рекомендаций производителя: https://trac.ffmpeg.org/ticket/8718
Для ОС Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-24020
Reference
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb
https://nvd.nist.gov/vuln/detail/CVE-2020-24020
https://security-tracker.debian.org/tracker/CVE-2020-24020
https://trac.ffmpeg.org/ticket/8718
CWE
CWE-120
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, FFmpeg team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u043e\u0442 4.2.3 \u0434\u043e 4.3 (FFmpeg)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f FFmpeg:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://trac.ffmpeg.org/ticket/8718\n\n\u0414\u043b\u044f \u041e\u0421 Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2020-24020",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.09.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.09.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04596",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-24020",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, FFmpeg",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dnn_execute_layer_pad \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libavfilter/dnn/dnn_backend_native_layer_pad.c \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dnn_execute_layer_pad \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libavfilter/dnn/dnn_backend_native_layer_pad.c \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u0432\u044b\u0437\u043e\u0432\u0435 memcpy. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24020\nhttps://security-tracker.debian.org/tracker/CVE-2020-24020\nhttps://trac.ffmpeg.org/ticket/8718",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CNVD-2021-38297
Vulnerability from cnvd - Published: 2021-05-31
VLAI Severity ?
Title
FFmpeg缓冲区溢出漏洞(CNVD-2021-38297)
Description
FFmpeg是一套可以用来记录、转换数字音频、视频,并能将其转化为流的开源计算机程序,采用LGPL或GPL许可证。
FFmpeg 4.2.3版本中的libavfilter/dnn/dnn_backend_native_layer_pad.c中的dnn_execute_layer_pad存在缓冲区溢出漏洞。该漏洞源于调用memcpy而未能进行长度检查。攻击者可利用该漏洞执行任意代码。
Severity
中
Patch Name
FFmpeg缓冲区溢出漏洞(CNVD-2021-38297)的补丁
Patch Description
FFmpeg是一套可以用来记录、转换数字音频、视频,并能将其转化为流的开源计算机程序,采用LGPL或GPL许可证。
FFmpeg 4.2.3版本中的libavfilter/dnn/dnn_backend_native_layer_pad.c中的dnn_execute_layer_pad存在缓冲区溢出漏洞。该漏洞源于调用memcpy而未能进行长度检查。攻击者可利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://trac.ffmpeg.org/ticket/8718
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-24020
Impacted products
| Name | FFmpeg FFmpeg 4.2.3 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-24020",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
}
},
"description": "FFmpeg\u662f\u4e00\u5957\u53ef\u4ee5\u7528\u6765\u8bb0\u5f55\u3001\u8f6c\u6362\u6570\u5b57\u97f3\u9891\u3001\u89c6\u9891\uff0c\u5e76\u80fd\u5c06\u5176\u8f6c\u5316\u4e3a\u6d41\u7684\u5f00\u6e90\u8ba1\u7b97\u673a\u7a0b\u5e8f\uff0c\u91c7\u7528LGPL\u6216GPL\u8bb8\u53ef\u8bc1\u3002\n\nFFmpeg 4.2.3\u7248\u672c\u4e2d\u7684libavfilter/dnn/dnn_backend_native_layer_pad.c\u4e2d\u7684dnn_execute_layer_pad\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8c03\u7528memcpy\u800c\u672a\u80fd\u8fdb\u884c\u957f\u5ea6\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://trac.ffmpeg.org/ticket/8718",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-38297",
"openTime": "2021-05-31",
"patchDescription": "FFmpeg\u662f\u4e00\u5957\u53ef\u4ee5\u7528\u6765\u8bb0\u5f55\u3001\u8f6c\u6362\u6570\u5b57\u97f3\u9891\u3001\u89c6\u9891\uff0c\u5e76\u80fd\u5c06\u5176\u8f6c\u5316\u4e3a\u6d41\u7684\u5f00\u6e90\u8ba1\u7b97\u673a\u7a0b\u5e8f\uff0c\u91c7\u7528LGPL\u6216GPL\u8bb8\u53ef\u8bc1\u3002\r\n\r\nFFmpeg 4.2.3\u7248\u672c\u4e2d\u7684libavfilter/dnn/dnn_backend_native_layer_pad.c\u4e2d\u7684dnn_execute_layer_pad\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8c03\u7528memcpy\u800c\u672a\u80fd\u8fdb\u884c\u957f\u5ea6\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "FFmpeg\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-38297\uff09\u7684\u8865\u4e01",
"products": {
"product": "FFmpeg FFmpeg 4.2.3"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020",
"serverity": "\u4e2d",
"submitTime": "2021-05-27",
"title": "FFmpeg\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-38297\uff09"
}
GHSA-GXPF-25MM-VM27
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI?
Details
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2020-24020"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T15:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.",
"id": "GHSA-gxpf-25mm-vm27",
"modified": "2022-05-24T19:03:21Z",
"published": "2022-05-24T19:03:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8718"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2020-24020
Vulnerability from fkie_nvd - Published: 2021-05-26 15:15 - Updated: 2024-11-21 05:14
Severity ?
Summary
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb | ||
| cve@mitre.org | https://trac.ffmpeg.org/ticket/8718 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://trac.ffmpeg.org/ticket/8718 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B065434E-291D-4EAE-82AC-B747F0E93EBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en FFMpeg versi\u00f3n 4.2.3 en la funci\u00f3n dnn_execute_layer_pad del archivo libavfilter/dnn/dnn_backend_native_layer_pad.c debido a una llamada a memcpy sin comprobaciones de longitud, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2020-24020",
"lastModified": "2024-11-21T05:14:19.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-26T15:15:07.897",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.ffmpeg.org/ticket/8718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=584f396132aa19d21bb1e38ad9a5d428869290cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.ffmpeg.org/ticket/8718"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-24020
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-24020",
"description": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.",
"id": "GSD-2020-24020",
"references": [
"https://www.suse.com/security/cve/CVE-2020-24020.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-24020"
],
"details": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.",
"id": "GSD-2020-24020",
"modified": "2023-12-13T01:22:12.007908Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trac.ffmpeg.org/ticket/8718",
"refsource": "MISC",
"url": "https://trac.ffmpeg.org/ticket/8718"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb",
"refsource": "MISC",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:4.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24020"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb"
},
{
"name": "https://trac.ffmpeg.org/ticket/8718",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.ffmpeg.org/ticket/8718"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-05-28T19:37Z",
"publishedDate": "2021-05-26T15:15Z"
}
}
}
cleanstart-2026-ez98723
Vulnerability from cleanstart
Published
2026-01-30 14:21
Modified
2026-01-29 18:58
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-EZ98723",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:21:51.714006Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EZ98723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47470"
]
}
cleanstart-2026-ps82605
Vulnerability from cleanstart
Published
2026-02-06 01:09
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PS82605",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:09:01.544353Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PS82605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
cleanstart-2026-xe32069
Vulnerability from cleanstart
Published
2026-02-06 01:10
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XE32069",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:10:32.733224Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XE32069.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…