Bug#980000: ffmpeg: CVE-2020-35964
Source: ffmpeg
Version: 7:4.3.1-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for ffmpeg.
CVE-2020-35964[0]:
| track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-
| bounds write because of incorrect extradata packing.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-35964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35964
[1] https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply to: