CVE-2020-13904 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A use-after-free via a crafted EXTINF duration in an m3u8 file has been found in ffmpeg <= 4.2.3, because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1180 | ffmpeg | 2:4.2.3-2 | 2:4.3.1-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 31 Jul 2020 | ASA-202007-4 | AVG-1180 | ffmpeg | High | arbitrary code execution |
| References |
|---|
https://trac.ffmpeg.org/ticket/8673 https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ |