Vulnerability Name:

CVE-2020-22042 (CCN-202888)

Assigned:2019-07-07
Published:2019-07-07
Updated:2021-11-30
Summary:A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
3.0 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-401
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-22042

Source: XF
Type: UNKNOWN
ffmpeg-cve202022042-dos(202888)

Source: CCN
Type: ffmpeg Ticket #8267
memory leaks from libavfilter/graphparser.c in link_filter_inouts

Source: MISC
Type: Exploit, Issue Tracking, Vendor Advisory
https://trac.ffmpeg.org/ticket/8267

Source: DEBIAN
Type: Third Party Advisory
DSA-4998

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ffmpeg:ffmpeg:4.2:-:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ffmpeg:ffmpeg:4.2:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7921
    P
    		libavcodec57-3.4.2-150200.11.28.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7442
    P
    		autofs-5.1.3-150000.7.14.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7486
    P
    		dstat-0.7.3-2.16 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:95397
    P
    		Security update for salt (Important)
    2022-07-06
    oval:org.opensuse.security:def:3302
    P
    		minicom-2.7-3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3570
    P
    		libXvnc1-1.6.0-22.7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94802
    P
    		python3-lxml-4.7.1-3.7.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94932
    P
    		libavcodec57-3.4.2-11.17.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95200
    P
    		libavcodec-devel-3.4.2-11.17.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:6189
    P
    		Security update for ghostscript (Moderate)
    2022-01-14
    oval:org.opensuse.security:def:68531
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:74379
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:5849
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:111734
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:102994
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:65311
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:10660
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:117695
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:109660
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:1035
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:101515
    P
    		Security update for curl (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:68575
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:76006
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:108181
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:101726
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:66938
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:10697
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:118331
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:4157
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:1485
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:102110
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:70800
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:76346
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:108776
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:102065
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:95867
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:67278
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:74314
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:119800
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:4222
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:1782
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:102580
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:70837
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:65246
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:109246
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:102334
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:96322
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    BACK
    ffmpeg ffmpeg 4.2 -
    debian debian linux 11.0
    ffmpeg ffmpeg 4.2 -