Описание
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Ссылки
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ffmpeg:ffmpeg:4.4:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.0021
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-252
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 4 лет назад
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVSS3: 9.8
debian
больше 4 лет назад
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...
EPSS
Процентиль: 43%
0.0021
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-252