Vulnerabilities > CVE-2020-13904 - Use After Free vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| OS | 3 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
References
- https://trac.ffmpeg.org/ticket/8673
- https://www.debian.org/security/2020/dsa-4722
- https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html
- https://usn.ubuntu.com/4431-1/
- https://security.gentoo.org/glsa/202007-58
- https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2
- https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/