Your submission was sent successfully! Close

CVE-2021-38114

Published: 4 August 2021

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
bionic
Released (7:3.4.11-0ubuntu0.1)
focal
Released (7:4.2.7-0ubuntu0.1)
hirsute Ignored
(reached end-of-life)
impish
Released (7:4.4.2-0ubuntu0.21.10.1)
jammy Not vulnerable
(7:4.4.1-3ubuntu2)
trusty Does not exist

upstream
Released (4.4.1)
xenial Ignored
(out of standard support, was needed)
Patches:
upstream: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1