CVE-2020-21688

Published: 10 August 2021

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

Priority

8.8

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	impish	Not vulnerable (7:4.4-6ubuntu5)
	hirsute	Ignored (end of life)
	focal	Released (7:4.2.7-0ubuntu0.1)
	jammy	Not vulnerable (7:4.4.1-3ubuntu2)
	kinetic	Not vulnerable (7:4.4.1-3ubuntu2)
	xenial	Released (7:2.8.17-0ubuntu0.1+esm2) Available with Ubuntu Pro
	lunar	Not vulnerable (7:4.4.1-3ubuntu2)
	bionic	Released (7:3.4.11-0ubuntu0.1)
	trusty	Does not exist
	upstream	Released (4.4)
	mantic	Not vulnerable (7:4.4.1-3ubuntu2)
	Patches: upstream: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	hirsute	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	jammy	Needs triage
	impish	Ignored (end of life)
	lunar	Needs triage
	bionic	Needs triage
	focal	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support)
	mantic	Needs triage
vice Launchpad, Ubuntu, Debian	hirsute	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)
	jammy	Needs triage
	impish	Ignored (end of life)
	xenial	Needs triage
	lunar	Needs triage
	bionic	Needs triage
	focal	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	mantic	Needs triage

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.