Vulnerability Name: | CVE-2020-35964 (CCN-194333) | ||||||||||||||||||||||||||||
Assigned: | 2020-10-20 | ||||||||||||||||||||||||||||
Published: | 2020-10-20 | ||||||||||||||||||||||||||||
Updated: | 2022-08-06 | ||||||||||||||||||||||||||||
Summary: | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | ||||||||||||||||||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C)
| ||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||
Vulnerability Type: | CWE-787 | ||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-35964 Source: CCN Type: Google Security Research Issue 26622 ffmpeg:ffmpeg_dem_VIVIDAS_fuzzer: Heap-buffer-overflow in avio_read Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 Source: XF Type: UNKNOWN ffmpeg-cve202035964-bo(194333) Source: CCN Type: FFMPEG Web site FFMPEG Source: MISC Type: Patch, Third Party Advisory https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7 Source: GENTOO Type: Third Party Advisory GLSA-202105-24 | ||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
BACK |