CVE-2020-14212

Опубликовано: 16 июн. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

Ссылки

https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463
Not Applicable
Vendor Advisory
https://security.gentoo.org/glsa/202007-58
Third Party Advisory
https://trac.ffmpeg.org/ticket/8716
Patch
Vendor Advisory
https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463
Not Applicable
Vendor Advisory
https://security.gentoo.org/glsa/202007-58
Third Party Advisory
https://trac.ffmpeg.org/ticket/8716
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия от 4.3 (включая) до 4.3.1 (исключая)

EPSS

Процентиль: 70%

0.00637

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2020-14212

CVSS3: 8.8

ubuntu

больше 5 лет назад

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

CVE-2020-14212

CVSS3: 8.8

debian

больше 5 лет назад

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...

GHSA-3xj6-rmxw-8hpw

github

больше 3 лет назад

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

EPSS

Процентиль: 70%

0.00637

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787