CVE-2020-24995

HIGH

Ffmpeg - Buffer Overflow

Title source: rule

Description

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

References (4)

Core 4

Core References

Exploit, Patch, Vendor Advisory x_refsource_misc

https://trac.ffmpeg.org/ticket/8845

Exploit, Patch, Vendor Advisory x_refsource_misc

https://trac.ffmpeg.org/ticket/8859

Exploit, Patch, Vendor Advisory x_refsource_misc

https://trac.ffmpeg.org/ticket/8860

Patch x_refsource_misc

http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 44.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

ffmpeg/ffmpeg 3.1.2

Published Mar 30, 2021

Tracked Since Feb 18, 2026