CVE-2020-35965

Published: 4 January 2021

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: ffmpeg (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (7:3.4.11-0ubuntu0.1)
focal      Released (7:4.2.7-0ubuntu0.1)
groovy     Ignored (reached end-of-life)
hirsute    Released (7:4.3.2-0+deb11u1ubuntu1)
impish     Not vulnerable (7:4.4-6ubuntu5)
jammy      Not vulnerable (7:4.4.1-3ubuntu2)
precise    Does not exist
trusty     Does not exist
upstream   Released (4.4)
xenial     Ignored (end of standard support, was needed)

Patches:
upstream: https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
upstream: https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3