Lucene search
GoogleOSV:CVE-2020-13904HistoryJun 07, 2020 - 7:15 p.m.
CVE-2020-13904
2020-06-0719:15:09
Google
osv.dev
6
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ffmpeg.git | eq | n2.8-de | |
| ffmpeg.git | eq | n2.8.16 | |
| ffmpeg.git | eq | n2.8.3 | |
| ffmpeg.git | eq | n1.3-de | |
| ffmpeg.git | eq | n2.2-de | |
| ffmpeg.git | eq | n2.8.13 | |
| ffmpeg.git | eq | n0.8 | |
| ffmpeg.git | eq | n2.7-de | |
| ffmpeg.git | eq | n2.8.11 | |
| ffmpeg.git | eq | n2.0 |
References
github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2
lists.debian.org/debian-lts-announce/2020/07/msg00022.html
patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/
security.gentoo.org/glsa/202007-58
trac.ffmpeg.org/ticket/8673
usn.ubuntu.com/4431-1/
www.debian.org/security/2020/dsa-4722
Related
nvd
nvd
CVE-2020-13904
2020-06-07 19:15:09
archlinux
archlinux
[ASA-202007-4] ffmpeg: arbitrary code execution
2020-07-31 00:00:00
prion
prion
Design/Logic Flaw
2020-06-07 19:15:00
ubuntucve
ubuntucve
CVE-2020-13904
2020-06-07 00:00:00
alpinelinux
alpinelinux
CVE-2020-13904
2020-06-07 19:15:09
veracode
veracode
Arbitrary Code Execution
2020-08-06 21:38:32
debiancve
debiancve
CVE-2020-13904
2020-06-07 19:15:09
cve
cve
CVE-2020-13904
2020-06-07 19:15:09
cvelist
cvelist
CVE-2020-13904
2020-06-07 18:07:08
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0290)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2291-1)
2020-07-28 00:00:00
Debian: Security Advisory (DSA-4722-1)
2020-07-10 00:00:00
mageia
mageia
Updated ffmpeg packages fix security vulnerability
2020-07-10 18:40:08
debian
debian
[SECURITY] [DLA 2291-1] ffmpeg security update
2020-07-27 09:28:37
[SECURITY] [DSA 4722-1] ffmpeg security update
2020-07-08 20:46:11
osv
osv
ffmpeg - security update
2020-07-27 00:00:00
ffmpeg - security update
2020-07-08 00:00:00
nessus
nessus
Debian DLA-2291-1 : ffmpeg security update
2020-07-28 00:00:00
Debian DSA-4722-1 : ffmpeg - security update
2020-07-10 00:00:00
GLSA-202007-58 : FFmpeg: Multiple vulnerabilities
2020-07-30 00:00:00
gentoo
gentoo
FFmpeg: Multiple vulnerabilities
2020-07-28 00:00:00
cloudfoundry
cloudfoundry
USN-4431-1: FFmpeg vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
ubuntu
ubuntu
FFmpeg vulnerabilities
2020-07-22 00:00:00
suse
suse
Security update for ffmpeg (important)
2021-07-14 00:00:00