CVE-2020-14212

Published: Jun 16, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

Affected (1)

Products: Ffmpeg: Ffmpeg

Ffmpeg

1 product

Ffmpeg

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	From 4.3 to 4.3.1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463

Source: cve@mitre.org

Not ApplicableVendor Advisory

https://security.gentoo.org/glsa/202007-58

Source: cve@mitre.org

Third Party Advisory

https://trac.ffmpeg.org/ticket/8716

Source: cve@mitre.org

PatchVendor Advisory

https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

https://security.gentoo.org/glsa/202007-58

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://trac.ffmpeg.org/ticket/8716

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.