CVE-2020-22028

Published: 26 May 2021

Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.

Priority

6.5

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	bionic	Released (7:3.4.11-0ubuntu0.1)
	focal	Released (7:4.2.7-0ubuntu0.1)
	groovy	Not vulnerable (7:4.3.1-4ubuntu1)
	hirsute	Not vulnerable (7:4.3.1-4ubuntu1)
	impish	Not vulnerable (7:4.4-6ubuntu5)
	jammy	Not vulnerable (7:4.4.1-3ubuntu2)
	kinetic	Not vulnerable (7:4.4.1-3ubuntu2)
	lunar	Not vulnerable (7:4.4.1-3ubuntu2)
	mantic	Not vulnerable (7:4.4.1-3ubuntu2)
	noble	Not vulnerable (7:4.4.1-3ubuntu2)
	trusty	Does not exist
	upstream	Released (4.3)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f069a9c2a65bc20c3462127623127df6dfd06c5b
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Ignored (end of life, was needs-triage)
	noble	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support)
vice Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Ignored (end of life, was needs-triage)
	noble	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.