CVE-2021-33815

Name
CVE-2021-33815
Description
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
cve@mitre.org https://security.gentoo.org/glsa/202312-14

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ffmpeg:ffmpeg:4.4:*:*:*:*:*:*:* ffmpeg == None == 4.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ffmpeg5 edge-community 4.4-r1 None fixed
ffmpeg4 edge-community 4.4-r1 None fixed
ffmpeg4 3.22-community 4.4-r1 None fixed
ffmpeg4 3.21-community 4.4-r1 None fixed
ffmpeg4 3.20-community 4.4-r1 None fixed
ffmpeg4 3.19-community 4.4-r1 None fixed
ffmpeg4 3.18-community 4.4-r1 None fixed
ffmpeg4 3.17-community 4.4-r1 None fixed
ffmpeg edge-community 4.4-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
ffmpeg edge-community 4.4-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
ffmpeg edge-community 4.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
ffmpeg edge-community 4.4-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
ffmpeg edge-community 4.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg 3.22-community 4.4-r1 None fixed
ffmpeg 3.22-community 4.4-r0 None possibly vulnerable
ffmpeg 3.21-community 4.4-r1 None fixed
ffmpeg 3.20-community 4.4-r1 None fixed
ffmpeg 3.19-community 4.4-r1 None fixed
ffmpeg 3.18-community 4.4-r1 None fixed
ffmpeg 3.17-community 4.4-r1 None fixed