CVE-2021-38114
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/08/2021
Last modified:
07/11/2023
Description
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ffmpeg:ffmpeg:4.4:*:*:*:*:*:*:* | ||
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
- https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html
- https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09%40PAXP193MB1262.EURP193.PROD.OUTLOOK.COM/
- https://www.debian.org/security/2021/dsa-4990
- https://www.debian.org/security/2021/dsa-4998