tamirverthim / FFmpeg

Mirror of git://source.ffmpeg.org/ffmpeg.git
https://ffmpeg.org

CVE-2020-22029 (High) detected in ffmpeg4.2.2 - autoclosed #43

Closed mend-for-github-com[bot] closed 2 years ago

mend-for-github-com[bot] commented 2 years ago

CVE-2020-22029 - High Severity Vulnerability

Vulnerable Library - ffmpeg4.2.2

Library home page: https://www.ffmpeg.org/releases/

Found in HEAD commit: e5168b773f1d7f76578e4b22da6fe38debdde1aa

Vulnerable Source Files (2)

- /libavfilter/vf_colorconstancy.c
- /libavfilter/vf_colorconstancy.c

Vulnerability Details

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

Publish Date: 2021-05-27

URL: CVE-2020-22029

CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/FFmpeg/FFmpeg/commit/a7fd1279703683ebb548ef7baa2f1519994496ae

Release Date: 2021-05-27

Fix Resolution: n4.3

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.