usn-5472-1
Vulnerability from osv_ubuntu
Published
2022-06-08 11:54
Modified
2026-04-27 14:11
Summary
ffmpeg vulnerabilities
Details

It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding (LPC) or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446, CVE-2020-20453)

It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-20450)

It was discovered that FFmpeg incorrectly handled file conversion to APNG format. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21041)

It was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21688)

It was discovered that FFmpeg incorrectly handled certain specially crafted AVI files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21697)

It was discovered that FFmpeg incorrectly handled writing MOV video tags. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015)

It was discovered that FFmpeg incorrectly handled writing MOV files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016)

It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022, CVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031, CVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042)

It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021, CVE-2020-22033)

It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 21.10. (CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035)

It was discovered that FFmpeg incorrectly handled certain specially crafted JPEG files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22037)

It was discovered that FFmpeg incorrectly performed calculations in EXR codec. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965)

It was discovered that FFmpeg did not verify return values of functions init_vlc and init_get_bits. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114, CVE-2021-38171)

It was discovered that FFmpeg incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475)

References
https://ubuntu.com/security/notices/USN-5472-1 ADVISORY
https://ubuntu.com/security/CVE-2020-20445 REPORT
https://ubuntu.com/security/CVE-2020-20446 REPORT
https://ubuntu.com/security/CVE-2020-20450 REPORT
https://ubuntu.com/security/CVE-2020-20453 REPORT
https://ubuntu.com/security/CVE-2020-21041 REPORT
https://ubuntu.com/security/CVE-2020-21688 REPORT
https://ubuntu.com/security/CVE-2020-21697 REPORT
https://ubuntu.com/security/CVE-2020-22015 REPORT
https://ubuntu.com/security/CVE-2020-22016 REPORT
https://ubuntu.com/security/CVE-2020-22017 REPORT
https://ubuntu.com/security/CVE-2020-22019 REPORT
https://ubuntu.com/security/CVE-2020-22020 REPORT
https://ubuntu.com/security/CVE-2020-22021 REPORT
https://ubuntu.com/security/CVE-2020-22022 REPORT
https://ubuntu.com/security/CVE-2020-22023 REPORT
https://ubuntu.com/security/CVE-2020-22025 REPORT
https://ubuntu.com/security/CVE-2020-22026 REPORT
https://ubuntu.com/security/CVE-2020-22027 REPORT
https://ubuntu.com/security/CVE-2020-22028 REPORT
https://ubuntu.com/security/CVE-2020-22029 REPORT
https://ubuntu.com/security/CVE-2020-22030 REPORT
https://ubuntu.com/security/CVE-2020-22031 REPORT
https://ubuntu.com/security/CVE-2020-22032 REPORT
https://ubuntu.com/security/CVE-2020-22033 REPORT
https://ubuntu.com/security/CVE-2020-22034 REPORT
https://ubuntu.com/security/CVE-2020-22035 REPORT
https://ubuntu.com/security/CVE-2020-22036 REPORT
https://ubuntu.com/security/CVE-2020-22037 REPORT
https://ubuntu.com/security/CVE-2020-22042 REPORT
https://ubuntu.com/security/CVE-2020-35965 REPORT
https://ubuntu.com/security/CVE-2021-38114 REPORT
https://ubuntu.com/security/CVE-2021-38171 REPORT
https://ubuntu.com/security/CVE-2021-38291 REPORT
https://ubuntu.com/security/CVE-2022-1475 REPORT

{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-20445",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-20446",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-20453",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-21041",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-21688",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-21697",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22015",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22016",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22017",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22019",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22020",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22021",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22022",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22023",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22025",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22026",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22028",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22031",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22032",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22033",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22034",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22036",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22037",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22042",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-35965",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-38114",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-38171",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-38291",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "ffmpeg",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavcodec-extra",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavcodec-extra57",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavcodec57",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavdevice57",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavfilter-extra",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavfilter-extra6",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavfilter6",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavformat57",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavresample3",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libavutil55",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libpostproc54",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libswresample2",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          },
          {
            "binary_name": "libswscale4",
            "binary_version": "7:3.4.11-0ubuntu0.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:18.04:LTS",
        "name": "ffmpeg",
        "purl": "pkg:deb/ubuntu/ffmpeg@7:3.4.11-0ubuntu0.1?arch=source\u0026distro=bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7:3.4.11-0ubuntu0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7:3.3.4-2",
        "7:3.3.4-2build3",
        "7:3.4-2ubuntu2",
        "7:3.4-4",
        "7:3.4-4build1",
        "7:3.4.1-1",
        "7:3.4.1-1build1",
        "7:3.4.2-1",
        "7:3.4.2-1build1",
        "7:3.4.2-2",
        "7:3.4.4-0ubuntu0.18.04.1",
        "7:3.4.6-0ubuntu0.18.04.1",
        "7:3.4.8-0ubuntu0.2"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-20445",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-20446",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-20450",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-20453",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-21041",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-21688",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-21697",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22015",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22017",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22019",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22020",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22021",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22022",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22023",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22025",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22026",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22027",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22028",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22029",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22030",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22031",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22032",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22033",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22034",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22035",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22036",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22037",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-22042",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-35965",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-38114",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-38171",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-38291",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "ffmpeg",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavcodec-extra",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavcodec-extra58",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavcodec58",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavdevice58",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavfilter-extra",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavfilter-extra7",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavfilter7",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavformat58",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavresample4",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libavutil56",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libpostproc55",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libswresample3",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          },
          {
            "binary_name": "libswscale5",
            "binary_version": "7:4.2.7-0ubuntu0.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "ffmpeg",
        "purl": "pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7:4.2.7-0ubuntu0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7:4.1.4-1build2",
        "7:4.2.1-2",
        "7:4.2.1-2ubuntu1",
        "7:4.2.2-1build1",
        "7:4.2.2-1ubuntu1",
        "7:4.2.4-1ubuntu0.1"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-1475",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "ffmpeg",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavcodec-extra",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavcodec-extra58",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavcodec58",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavdevice58",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavfilter-extra",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavfilter-extra7",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavfilter7",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavformat-extra",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavformat-extra58",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavformat58",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libavutil56",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libpostproc55",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libswresample3",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          },
          {
            "binary_name": "libswscale5",
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "ffmpeg",
        "purl": "pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7:4.4.2-0ubuntu0.22.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7:4.4-6ubuntu5",
        "7:4.4.1-2ubuntu1",
        "7:4.4.1-3ubuntu1",
        "7:4.4.1-3ubuntu2",
        "7:4.4.1-3ubuntu3",
        "7:4.4.1-3ubuntu5"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that FFmpeg would attempt to divide by zero when using Linear\nPredictive Coding (LPC) or AAC codecs. An attacker could possibly use this\nissue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446,\nCVE-2020-20453)\n\nIt was discovered that FFmpeg incorrectly handled certain input. An attacker\ncould possibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 20.04 LTS. (CVE-2020-20450)\n\nIt was discovered that FFmpeg incorrectly handled file conversion to APNG\nformat. An attacker could possibly use this issue to cause a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2020-21041)\n\nIt was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks.\nA remote attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2020-21688)\n\nIt was discovered that FFmpeg incorrectly handled certain specially crafted\nAVI files. An attacker could possibly use this issue to cause a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2020-21697)\n\nIt was discovered that FFmpeg incorrectly handled writing MOV video tags. An\nattacker could possibly use this issue to cause a denial of service, obtain\nsensitive information or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015)\n\nIt was discovered that FFmpeg incorrectly handled writing MOV files. An\nattacker could possibly use this issue to cause a denial of service or other\nunspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016)\n\nIt was discovered that FFmpeg incorrectly handled memory when using certain\nfilters. An attacker could possibly use this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022,\nCVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031,\nCVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042)\n\nIt was discovered that FFmpeg incorrectly handled memory when using certain\nfilters. An attacker could possibly use this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021,\nCVE-2020-22033)\n\nIt was discovered that FFmpeg incorrectly handled memory when using certain\nfilters. An attacker could possibly use this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 21.10.\n(CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035)\n\nIt was discovered that FFmpeg incorrectly handled certain specially crafted\nJPEG files. An attacker could possibly use this issue to obtain sensitive\ninformation. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and\nUbuntu 21.10. (CVE-2020-22037)\n\nIt was discovered that FFmpeg incorrectly performed calculations in EXR codec.\nAn attacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965)\n\nIt was discovered that FFmpeg did not verify return values of functions\ninit_vlc and init_get_bits. An attacker could possibly use this issue to cause\na denial of service or other unspecified impact. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114,\nCVE-2021-38171)\n\nIt was discovered that FFmpeg incorrectly handled certain specially crafted\nfiles. An attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475)\n",
  "id": "USN-5472-1",
  "modified": "2026-04-27T14:11:28Z",
  "published": "2022-06-08T11:54:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5472-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-20445"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-20446"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-20450"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-20453"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-21041"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-21688"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-21697"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22015"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22016"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22017"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22019"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22020"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22021"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22022"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22023"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22025"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22026"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22027"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22028"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22029"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22030"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22031"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22032"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22033"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22034"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22035"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22036"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22037"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-22042"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-35965"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-38114"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-38171"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-38291"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-1475"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "ffmpeg vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2020-20445",
    "UBUNTU-CVE-2020-20446",
    "UBUNTU-CVE-2020-20450",
    "UBUNTU-CVE-2020-20453",
    "UBUNTU-CVE-2020-21041",
    "UBUNTU-CVE-2020-21688",
    "UBUNTU-CVE-2020-21697",
    "UBUNTU-CVE-2020-22015",
    "UBUNTU-CVE-2020-22016",
    "UBUNTU-CVE-2020-22017",
    "UBUNTU-CVE-2020-22019",
    "UBUNTU-CVE-2020-22020",
    "UBUNTU-CVE-2020-22021",
    "UBUNTU-CVE-2020-22022",
    "UBUNTU-CVE-2020-22023",
    "UBUNTU-CVE-2020-22025",
    "UBUNTU-CVE-2020-22026",
    "UBUNTU-CVE-2020-22027",
    "UBUNTU-CVE-2020-22028",
    "UBUNTU-CVE-2020-22029",
    "UBUNTU-CVE-2020-22030",
    "UBUNTU-CVE-2020-22031",
    "UBUNTU-CVE-2020-22032",
    "UBUNTU-CVE-2020-22033",
    "UBUNTU-CVE-2020-22034",
    "UBUNTU-CVE-2020-22035",
    "UBUNTU-CVE-2020-22036",
    "UBUNTU-CVE-2020-22037",
    "UBUNTU-CVE-2020-22042",
    "UBUNTU-CVE-2020-35965",
    "UBUNTU-CVE-2021-38114",
    "UBUNTU-CVE-2021-38171",
    "UBUNTU-CVE-2021-38291",
    "UBUNTU-CVE-2022-1475"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…