Vulnerabilities > CVE-2020-35965 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ffmpeg

debian

CWE-787

NVD

Published: 2021-01-04

Updated: 2021-11-05

Summary

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

Vulnerable Configurations

Part	Description	Count
Application	Ffmpeg Ffmpeg Ffmpeg 4.3.1 Ffmpeg Ffmpeg 4.3.2 Ffmpeg Ffmpeg 4.3.3 Ffmpeg Ffmpeg 4.3.4	4
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3
https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html
https://security.gentoo.org/glsa/202105-24
https://www.debian.org/security/2021/dsa-4990