FFmpeg is vulnerable to arbitrary code execution. A use-after-free bug occurs via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and that pointer is later accessed in av_probe_input_format3 in libavformat/format.c.

CPE

Name | Operator | Version
---|---|---
ffmpeg:3.10 | eq | 4.1.5-r0
ffmpeg:3.10 | eq | 4.1.4-r0
ffmpeg:3.11 | eq | 4.2.1-r3
ffmpeg:3.12 | eq | 4.2.3-r0
ffmpeg | eq | 2.3.5-r0
ffmpeg | eq | 0.10.9-r0
ffmpeg | eq | 3.2.9-r0
ffmpeg | eq | 3.4.6-r0
ffmpeg | eq | 1.2.8-r0
ffmpeg | eq | 2.8.11-r0

github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2
lists.debian.org/debian-lts-announce/2020/07/msg00022.html
patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
security.gentoo.org/glsa/202007-58
trac.ffmpeg.org/ticket/8673
usn.ubuntu.com/4431-1/
www.debian.org/security/2020/dsa-4722