CVE-2020-24995

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-24995
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f
https://trac.ffmpeg.org/ticket/8845 Exploit Patch Vendor Advisory
https://trac.ffmpeg.org/ticket/8859 Exploit Patch Vendor Advisory
https://trac.ffmpeg.org/ticket/8860 Exploit Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*
History

07 Nov 2023, 03:20

Type Values Removed Values Added
References
  • {'url': 'http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f', 'name': 'http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=d6f293353c94c7ce200f6e0975ae3de49787f91f -

02 Apr 2021, 17:22

Type Values Removed Values Added
References (MISC) https://trac.ffmpeg.org/ticket/8845 - (MISC) https://trac.ffmpeg.org/ticket/8845 - Exploit, Patch, Vendor Advisory
References (MISC) https://trac.ffmpeg.org/ticket/8859 - (MISC) https://trac.ffmpeg.org/ticket/8859 - Exploit, Patch, Vendor Advisory
References (MISC) https://trac.ffmpeg.org/ticket/8860 - (MISC) https://trac.ffmpeg.org/ticket/8860 - Exploit, Patch, Vendor Advisory
References (MISC) http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f - (MISC) http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f - Mailing List, Patch, Vendor Advisory
CWE CWE-120
CPE cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 4.6
v3 : 7.8

30 Mar 2021, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-03-30 22:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-24995

Mitre link : CVE-2020-24995

CVE.ORG link : CVE-2020-24995

JSON object : View

Products Affected

ffmpeg

  • ffmpeg
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')