Vulnerability Name:

CVE-2020-20896 (CCN-210041)

Assigned:2019-10-15
Published:2019-10-15
Updated:2021-09-24
Summary:An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-476
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-20896

Source: XF
Type: UNKNOWN
ffmpeg-cve202020896-dos(210041)

Source: CCN
Type: ffmpeg Ticket #8273
Segmentation fault in avpriv_copy_bits at libavcodec/bitstream.c:86

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-20896

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:ffmpeg:ffmpeg:4.2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7921
    P
    		libavcodec57-3.4.2-150200.11.28.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7445
    P
    		axis-1.4-150200.13.6.4 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7488
    P
    		ecryptfs-utils-111-2.31 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:95418
    P
    		Security update for booth (Important)
    2022-08-01
    oval:org.opensuse.security:def:3302
    P
    		minicom-2.7-3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3570
    P
    		libXvnc1-1.6.0-22.7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94810
    P
    		python3-rsa-3.4.2-3.4.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94932
    P
    		libavcodec57-3.4.2-11.17.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95200
    P
    		libavcodec-devel-3.4.2-11.17.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:68534
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:74387
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:5870
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:111762
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:102997
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:65319
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:10663
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:117703
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:109663
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:1043
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:101523
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:68577
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:76027
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:6210
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:108189
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:101734
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:66959
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:10700
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:118334
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:4165
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:1487
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:102131
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:70803
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:76367
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:108797
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:102067
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:95870
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:67299
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:74322
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:119803
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:4230
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:1785
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:102583
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:70840
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:65254
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:109249
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:102337
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:96325
    P
    		Security update for ffmpeg (Moderate)
    2021-10-26
    BACK
    ffmpeg ffmpeg 4.2.1