CVE-2020-22026

MEDIUM

Ffmpeg - Buffer Overflow

Title source: rule

Description

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.

References (3)

Core 3

Core References

Exploit, Issue Tracking, Vendor Advisory x_refsource_misc

https://trac.ffmpeg.org/ticket/8317

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-4990

Scores

CVSS v3 6.5

EPSS 0.0135

EPSS Percentile 80.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-120

Status published

Products (3)

debian/debian_linux 9.0

debian/debian_linux 10.0

ffmpeg/ffmpeg 4.2

Published May 26, 2021

Tracked Since Feb 18, 2026