CVE-2020-24020

CVE-2020-24020

Name

CVE-2020-24020

Description

Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb
MISC	https://trac.ffmpeg.org/ticket/8718

Type

URI

MISC

http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb

MISC

https://trac.ffmpeg.org/ticket/8718

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ffmpeg:ffmpeg:4.2.3:::::::*`	ffmpeg	== None	== 4.2.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:ffmpeg:ffmpeg:4.2.3:*:*:*:*:*:*:*

ffmpeg

== None

== 4.2.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ffmpeg5	edge-community	4.4-r0	None	fixed
ffmpeg4	edge-community	4.4-r0	None	fixed
ffmpeg4	3.22-community	4.4-r0	None	fixed
ffmpeg4	3.21-community	4.4-r0	None	fixed
ffmpeg4	3.20-community	4.4-r0	None	fixed
ffmpeg4	3.19-community	4.4-r0	None	fixed
ffmpeg4	3.18-community	4.4-r0	None	fixed
ffmpeg4	3.17-community	4.4-r0	None	fixed
ffmpeg	edge-community	4.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
ffmpeg	3.22-community	4.4-r0	None	fixed
ffmpeg	3.21-community	4.4-r0	None	fixed
ffmpeg	3.20-community	4.4-r0	None	fixed
ffmpeg	3.19-community	4.4-r0	None	fixed
ffmpeg	3.18-community	4.4-r0	None	fixed
ffmpeg	3.17-community	4.4-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

ffmpeg5

edge-community

4.4-r0

None

fixed

ffmpeg4

edge-community