CVE-2021-38171 - Unchecked Return Value vulnerability in multiple products

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network, low complexity, ffmpeg, debian, CWE-252, critical

Summary

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

Vulnerable Configurations

Part | Description | Count
Application | Ffmpeg | 1
OS | Debian | 3

Common Weakness Enumeration (CWE)