Steven Liu

1 exploit Active since Jun 2020
CVE-2020-13904 WRITEUP MEDIUM WRITEUP
FFmpeg 2.8 and 4.2.3 - Use-After-Free via Crafted EXTINF Duration in m3u8 File
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
CVSS 5.5