CVE-2020-22049 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-22049 PUBLISHED

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.

EPSS 1.55% · 81.3th percentile

Risk Scores

EPSS Score

1.55%

81.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	ffmpeg	7:2.7.2-1build1, 7:2.8.1-1ubuntu1, 7:2.8.3-1
Ubuntu:20.04:LTS	ffmpeg	7:4.1.4-1build2, 7:4.2.1-2ubuntu1, 7:4.2.2-1build1
Ubuntu:18.04:LTS	ffmpeg	7:3.4.2-1build1, 7:3.4.2-2, 7:3.4.4-0ubuntu0.18.04.1

Timeline

Jun 1, 2021 CVE Published
Jun 3, 2021 EPSS Score
Aug 4, 2021 EPSS Score
Oct 4, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 2, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 2, 2022 EPSS Score
Aug 3, 2022 EPSS Score
Oct 2, 2022 EPSS Score
Dec 2, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-22049 third-party-advisory
https://trac.ffmpeg.org/ticket/8314 third-party-advisory
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-22049 third-party-advisory
https://ubuntu.com/security/notices/USN-5167-1 vendor-advisory

Open in Interactive Console →