CVE-2020-20896
Published: 20 September 2021
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
Notes
Author | Note |
---|---|
ccdm94 | Xenial seems to not be vulnerable to this issue. The commit that introduces the code addressed in the fix commit (dd01947397b) is 8b3ec51de8a (3.4). In this commit, the lines that were added in the fix were removed. The package code in Xenial does not include the changes added by 8b3ec51de8a, and therefore, code reintroduced by the fix to this CVE is already present. |
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(7:4.3.1-4ubuntu1)
|
hirsute |
Not vulnerable
(7:4.3.1-4ubuntu1)
|
|
kinetic |
Not vulnerable
(7:4.3.1-4ubuntu1)
|
|
lunar |
Not vulnerable
(7:4.3.1-4ubuntu1)
|
|
jammy |
Not vulnerable
(7:4.3.1-4ubuntu1)
|
|
trusty |
Does not exist
|
|
xenial |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(7:4.3.1-4ubuntu1)
|
|
bionic |
Not vulnerable
(7:3.4.11-0ubuntu0.1+esm2)
|
|
focal |
Not vulnerable
(7:4.2.7-0ubuntu0.1)
|
|
upstream |
Released
(4.2.2)
|
|
Patches: upstream: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b |
||
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
impish |
Ignored
(end of life)
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
hirsute |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support)
|
|
mantic |
Needs triage
|
|
vice Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
impish |
Ignored
(end of life)
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
hirsute |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |