CVE-2020-20902

MEDIUM

Ffmpeg - Out-of-Bounds Read

Title source: rule

Description

A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.

References (2)

Core 2

Core References

Issue Tracking, Patch, Vendor Advisory x_refsource_misc

https://trac.ffmpeg.org/ticket/8176

Patch x_refsource_misc

http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0c61661a2cbe1b8b284c80ada1c2fdddf4992cad

Scores

CVSS v3 6.5

EPSS 0.0039

EPSS Percentile 60.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (1)

ffmpeg/ffmpeg 4.2.1

Published Sep 20, 2021

Tracked Since Feb 18, 2026