Bug#979999: ffmpeg: CVE-2020-35965
Source: ffmpeg
Version: 7:4.3.1-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for ffmpeg.
CVE-2020-35965[0]:
| decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds
| write because of errors in calculations of when to perform memset zero
| operations.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-35965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35965
[1] https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
[2] https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3
[3] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply to: