Vulnerability-Lookup

CVE-2020-22036 (GCVE-0-2020-22036)

Vulnerability from cvelistv5 – Published: 2021-06-01 18:35 – Updated: 2024-08-04 14:51

Summary

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://trac.ffmpeg.org/ticket/8261	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2021/dsa-4990	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:09.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.ffmpeg.org/ticket/8261"
          },
          {
            "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
          },
          {
            "name": "DSA-4990",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4990"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:06:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.ffmpeg.org/ticket/8261"
        },
        {
          "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
        },
        {
          "name": "DSA-4990",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4990"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://trac.ffmpeg.org/ticket/8261",
              "refsource": "MISC",
              "url": "https://trac.ffmpeg.org/ticket/8261"
            },
            {
              "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
            },
            {
              "name": "DSA-4990",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4990"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22036",
    "datePublished": "2021-06-01T18:35:40.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:09.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-22036",
      "date": "2026-05-19",
      "epss": "0.01155",
      "percentile": "0.78754"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39DB2C4D-6C0C-4D9C-AA87-F30037FFC8E4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de desbordamiento del b\\u00fafer en la regi\\u00f3n heap de la memoria en FFmpeg versi\\u00f3n 4.2, en la funci\\u00f3n filter_intra en la biblioteca libavfilter/vf_bwdif.c, que podr\\u00eda conllevar a una corrupci\\u00f3n de la memoria y otras potenciales consecuencias\"}]",
      "id": "CVE-2020-22036",
      "lastModified": "2024-11-21T05:13:03.693",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-06-01T19:15:07.363",
      "references": "[{\"url\": \"https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://trac.ffmpeg.org/ticket/8261\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4990\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://trac.ffmpeg.org/ticket/8261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-22036\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-06-01T19:15:07.363\",\"lastModified\":\"2024-11-21T05:13:03.693\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en FFmpeg versi\u00f3n 4.2, en la funci\u00f3n filter_intra en la biblioteca libavfilter/vf_bwdif.c, que podr\u00eda conllevar a una corrupci\u00f3n de la memoria y otras potenciales consecuencias\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39DB2C4D-6C0C-4D9C-AA87-F30037FFC8E4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://trac.ffmpeg.org/ticket/8261\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4990\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://trac.ffmpeg.org/ticket/8261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

BDU:2021-05153

Vulnerability from fstec - Published: 01.06.2021

Title

Уязвимость компонента filter_intra библиотеки Ffmpeg, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость компонента filter_intra библиотеки Ffmpeg связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», FFmpeg team, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), FFmpeg, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 4.2 (FFmpeg), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.4 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Для Ffmpeg: Использование рекомендаций производителя: https://trac.ffmpeg.org/ticket/8261 Для Debian: Использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-22036 Для Astra Linux: Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Для ОСОН Основа: Обновление программного обеспечения ffmpeg до версии 7:4.1.8-0+deb10u1 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет ffmpeg до 7:3.2.18-0+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения ffmpeg до версии 7:3.2.18-0+deb9u1

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-22036 https://security-tracker.debian.org/tracker/CVE-2020-22036 https://trac.ffmpeg.org/ticket/8261 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/ https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, FFmpeg team, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 4.2 (FFmpeg), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Ffmpeg:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://trac.ffmpeg.org/ticket/8261\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2020-22036\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ffmpeg \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7:4.1.8-0+deb10u1\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:3.2.18-0+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ffmpeg \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7:3.2.18-0+deb9u1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.10.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-05153",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-22036",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), FFmpeg, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 filter_intra \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Ffmpeg, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 filter_intra \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Ffmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2020-22036\nhttps://security-tracker.debian.org/tracker/CVE-2020-22036\nhttps://trac.ffmpeg.org/ticket/8261\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2021-42344

Vulnerability from cnvd - Published: 2021-06-17

Title

FFmpeg堆缓冲区溢出漏洞（CNVD-2021-42344）

Description

FFmpeg是一套可录制、转换以及流化音视频的完整解决方案。 FFmpeg中的libavfilter/vf_bwdif.c中的filter_intra存在堆缓冲区溢出漏洞。攻击者可利用该漏洞导致内存破坏。

Severity

中

Patch Name

FFmpeg堆缓冲区溢出漏洞（CNVD-2021-42344）的补丁

Patch Description

FFmpeg是一套可录制、转换以及流化音视频的完整解决方案。 FFmpeg中的libavfilter/vf_bwdif.c中的filter_intra存在堆缓冲区溢出漏洞。攻击者可利用该漏洞导致内存破坏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ffmpeg.org/download.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-22036

Impacted products

Name
FFmpeg FFmpeg 4.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-22036",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-22036"
    }
  },
  "description": "FFmpeg\u662f\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002\n\nFFmpeg\u4e2d\u7684libavfilter/vf_bwdif.c\u4e2d\u7684filter_intra\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ffmpeg.org/download.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-42344",
  "openTime": "2021-06-17",
  "patchDescription": "FFmpeg\u662f\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nFFmpeg\u4e2d\u7684libavfilter/vf_bwdif.c\u4e2d\u7684filter_intra\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FFmpeg\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-42344\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "FFmpeg FFmpeg 4.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-22036",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-02",
  "title": "FFmpeg\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-42344\uff09"
}

FKIE_CVE-2020-22036

Vulnerability from fkie_nvd - Published: 2021-06-01 19:15 - Updated: 2024-11-21 05:13

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html	Mailing List, Third Party Advisory
cve@mitre.org	https://trac.ffmpeg.org/ticket/8261	Exploit, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4990	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://trac.ffmpeg.org/ticket/8261	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4990	Third Party Advisory

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	4.2
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39DB2C4D-6C0C-4D9C-AA87-F30037FFC8E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en FFmpeg versi\u00f3n 4.2, en la funci\u00f3n filter_intra en la biblioteca libavfilter/vf_bwdif.c, que podr\u00eda conllevar a una corrupci\u00f3n de la memoria y otras potenciales consecuencias"
    }
  ],
  "id": "CVE-2020-22036",
  "lastModified": "2024-11-21T05:13:03.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-01T19:15:07.363",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://trac.ffmpeg.org/ticket/8261"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://trac.ffmpeg.org/ticket/8261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4990"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RCHH-F9FW-9G82

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03

Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-22036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.",
  "id": "GHSA-rchh-f9fw-9g82",
  "modified": "2022-05-24T19:03:43Z",
  "published": "2022-05-24T19:03:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22036"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/8261"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4990"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-22036

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

Aliases

CVE-2020-22036

Aliases

CVE-2020-22036

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-22036",
    "description": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.",
    "id": "GSD-2020-22036",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-22036.html",
      "https://www.debian.org/security/2021/dsa-4990",
      "https://ubuntu.com/security/CVE-2020-22036"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-22036"
      ],
      "details": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.",
      "id": "GSD-2020-22036",
      "modified": "2023-12-13T01:21:59.211966Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-22036",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://trac.ffmpeg.org/ticket/8261",
            "refsource": "MISC",
            "url": "https://trac.ffmpeg.org/ticket/8261"
          },
          {
            "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
          },
          {
            "name": "DSA-4990",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4990"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22036"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://trac.ffmpeg.org/ticket/8261",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://trac.ffmpeg.org/ticket/8261"
            },
            {
              "name": "[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
            },
            {
              "name": "DSA-4990",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4990"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-05T21:59Z",
      "publishedDate": "2021-06-01T19:15Z"
    }
  }
}

WID-SEC-W-2023-0011

Vulnerability from csaf_certbund - Published: 2021-06-01 22:00 - Updated: 2025-04-03 22:00

Summary

ffmpeg: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es ermöglichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enthält es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verfügung stellt.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2020-22035

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22036

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22037

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22038

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22039

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22040

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22041

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22042

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22043

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22044

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22045

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22046

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22048

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22049

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22051

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22054

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

CVE-2020-22056

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg 4.2 Open Source / ffmpeg	`cpe:/a:ffmpeg:ffmpeg:4.2`	4.2

References

28 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://nvd.nist.gov/vuln/detail/CVE-2020-22035	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22036	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22037	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22038	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22039	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22041	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22042	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22043	external
https://nvd.nist.gov/vuln/detail/CVE-2020-22044	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.debian.org/debian-lts-announce/2021…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.debian.org/security/2021/dsa-4990	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.debian.org/security/2021/dsa-4998	external
https://lists.debian.org/debian-lts-announce/2021…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-6430-1	external
https://ubuntu.com/security/notices/USN-6449-2	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es erm\u00f6glichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enth\u00e4lt es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verf\u00fcgung stellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0011 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0011.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0011 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0011"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22035"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22036"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22039"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22040"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22041"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22043"
      },
      {
        "category": "external",
        "summary": "NIST NVD CVE Details vom 2021-06-01",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22044"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2322-1 vom 2021-07-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009140.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2742 vom 2021-08-15",
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2929-1 vom 2021-09-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009391.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2919-1 vom 2021-09-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009387.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:3293-1 vom 2021-10-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009540.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4990 vom 2021-10-20",
        "url": "https://www.debian.org/security/2021/dsa-4990"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:3521-1 vom 2021-10-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009650.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4998 vom 2021-11-01",
        "url": "https://www.debian.org/security/2021/dsa-4998"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2818 vom 2021-11-14",
        "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0005-1 vom 2023-01-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013405.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6430-1 vom 2023-10-12",
        "url": "https://ubuntu.com/security/notices/USN-6430-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6449-2 vom 2023-11-15",
        "url": "https://ubuntu.com/security/notices/USN-6449-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0958-1 vom 2025-03-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020566.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:1128-1 vom 2025-04-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020649.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:1128-1 vom 2025-04-03",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BUTZTVXUCY5PWI25OBULIPCCLGEGSU7X/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:1128-1 vom 2025-04-03",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BUTZTVXUCY5PWI25OBULIPCCLGEGSU7X/"
      }
    ],
    "source_lang": "en-US",
    "title": "ffmpeg: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-03T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-04T09:51:09.153+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-0011",
      "initial_release_date": "2021-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-06-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Weitere CVE Nummern aufgenommen"
        },
        {
          "date": "2021-07-14T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-15T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-09-02T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-10-06T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-10-19T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-10-26T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-10-31T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-11-14T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-01-02T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-12T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-19T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-04-03T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "15"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.2",
                "product": {
                  "name": "Open Source ffmpeg 4.2",
                  "product_id": "T014950",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ffmpeg:ffmpeg:4.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ffmpeg"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-22035",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22035"
    },
    {
      "cve": "CVE-2020-22036",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22036"
    },
    {
      "cve": "CVE-2020-22037",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22037"
    },
    {
      "cve": "CVE-2020-22038",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22038"
    },
    {
      "cve": "CVE-2020-22039",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22039"
    },
    {
      "cve": "CVE-2020-22040",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22040"
    },
    {
      "cve": "CVE-2020-22041",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22041"
    },
    {
      "cve": "CVE-2020-22042",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22042"
    },
    {
      "cve": "CVE-2020-22043",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22043"
    },
    {
      "cve": "CVE-2020-22044",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22044"
    },
    {
      "cve": "CVE-2020-22045",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22045"
    },
    {
      "cve": "CVE-2020-22046",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22046"
    },
    {
      "cve": "CVE-2020-22048",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22048"
    },
    {
      "cve": "CVE-2020-22049",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22049"
    },
    {
      "cve": "CVE-2020-22051",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22051"
    },
    {
      "cve": "CVE-2020-22054",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22054"
    },
    {
      "cve": "CVE-2020-22056",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T014950"
        ]
      },
      "release_date": "2021-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-22056"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-22036 (GCVE-0-2020-22036)

BDU:2021-05153

CNVD-2021-42344

FKIE_CVE-2020-22036

GHSA-RCHH-F9FW-9G82

GSD-2020-22036

WID-SEC-W-2023-0011

Tags

Sightings

Nomenclature