CVE-2020-22049

Published: Jun 2, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

Affected (3)

Products: Ffmpeg: Ffmpeg · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Version 4.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (8)

http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=373c1c9b691fd4c6831b3a114a006b639304c2af

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://trac.ffmpeg.org/ticket/8314

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://www.debian.org/security/2021/dsa-4990

Source: cve@mitre.org

Third Party Advisory

http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=373c1c9b691fd4c6831b3a114a006b639304c2af

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://trac.ffmpeg.org/ticket/8314

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://www.debian.org/security/2021/dsa-4990

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.