Unrated severityNVD Advisory· Published Jun 7, 2020· Updated Aug 4, 2024
CVE-2020-13904
CVE-2020-13904
Description
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22- FFmpeg/FFmpegdescription
- osv-coords20 versionspkg:rpm/opensuse/ffmpeg&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/ffmpeg&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Server%204.0
< 3.4.2-11.3.1+ 19 more
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-11.3.1
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
Patches
Vulnerability mechanics
References
7- security.gentoo.org/glsa/202007-58mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4431-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4722mitrevendor-advisoryx_refsource_DEBIAN
- github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/07/msg00022.htmlmitremailing-listx_refsource_MLIST
- patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/mitrex_refsource_MISC
- trac.ffmpeg.org/ticket/8673mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.