CVE-2020-14212

Name
CVE-2020-14212
Description
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Not Applicable https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463
Patch https://trac.ffmpeg.org/ticket/8716
Third Party Advisory https://security.gentoo.org/glsa/202007-58

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg >= 4.3 < 4.3.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status