usn-5472-1
Vulnerability from osv_ubuntu
It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding (LPC) or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446, CVE-2020-20453)
It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-20450)
It was discovered that FFmpeg incorrectly handled file conversion to APNG format. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21041)
It was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21688)
It was discovered that FFmpeg incorrectly handled certain specially crafted AVI files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21697)
It was discovered that FFmpeg incorrectly handled writing MOV video tags. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015)
It was discovered that FFmpeg incorrectly handled writing MOV files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016)
It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022, CVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031, CVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042)
It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021, CVE-2020-22033)
It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 21.10. (CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035)
It was discovered that FFmpeg incorrectly handled certain specially crafted JPEG files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22037)
It was discovered that FFmpeg incorrectly performed calculations in EXR codec. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965)
It was discovered that FFmpeg did not verify return values of functions init_vlc and init_get_bits. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114, CVE-2021-38171)
It was discovered that FFmpeg incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-20445",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-20446",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-20453",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-21041",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-21688",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-21697",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22017",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22019",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22021",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22022",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22023",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22025",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22026",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22028",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22031",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22032",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22033",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22034",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22036",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22037",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22042",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-35965",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38114",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38171",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38291",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavcodec-extra57",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavcodec57",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavdevice57",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavfilter-extra6",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavfilter6",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavformat57",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavresample3",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libavutil55",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libpostproc54",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libswresample2",
"binary_version": "7:3.4.11-0ubuntu0.1"
},
{
"binary_name": "libswscale4",
"binary_version": "7:3.4.11-0ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ffmpeg",
"purl": "pkg:deb/ubuntu/ffmpeg@7:3.4.11-0ubuntu0.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:3.4.11-0ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7:3.3.4-2",
"7:3.3.4-2build3",
"7:3.4-2ubuntu2",
"7:3.4-4",
"7:3.4-4build1",
"7:3.4.1-1",
"7:3.4.1-1build1",
"7:3.4.2-1",
"7:3.4.2-1build1",
"7:3.4.2-2",
"7:3.4.4-0ubuntu0.18.04.1",
"7:3.4.6-0ubuntu0.18.04.1",
"7:3.4.8-0ubuntu0.2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-20445",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-20446",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-20450",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-20453",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-21041",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-21688",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-21697",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22017",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22019",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22021",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22022",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22023",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22025",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22026",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22027",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22028",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22029",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22030",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22031",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22032",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22033",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22034",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22035",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22036",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22037",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-22042",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-35965",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38114",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38171",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38291",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavcodec-extra58",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavcodec58",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavdevice58",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavfilter-extra7",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavfilter7",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavformat58",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavresample4",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libavutil56",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libpostproc55",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libswresample3",
"binary_version": "7:4.2.7-0ubuntu0.1"
},
{
"binary_name": "libswscale5",
"binary_version": "7:4.2.7-0ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ffmpeg",
"purl": "pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:4.2.7-0ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7:4.1.4-1build2",
"7:4.2.1-2",
"7:4.2.1-2ubuntu1",
"7:4.2.2-1build1",
"7:4.2.2-1ubuntu1",
"7:4.2.4-1ubuntu0.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-1475",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavcodec-extra58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavcodec58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavdevice58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavfilter-extra7",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavfilter7",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavformat-extra58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavformat58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavutil56",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libpostproc55",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libswresample3",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libswscale5",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ffmpeg",
"purl": "pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:4.4.2-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7:4.4-6ubuntu5",
"7:4.4.1-2ubuntu1",
"7:4.4.1-3ubuntu1",
"7:4.4.1-3ubuntu2",
"7:4.4.1-3ubuntu3",
"7:4.4.1-3ubuntu5"
]
}
],
"aliases": [],
"details": "It was discovered that FFmpeg would attempt to divide by zero when using Linear\nPredictive Coding (LPC) or AAC codecs. An attacker could possibly use this\nissue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446,\nCVE-2020-20453)\n\nIt was discovered that FFmpeg incorrectly handled certain input. An attacker\ncould possibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 20.04 LTS. (CVE-2020-20450)\n\nIt was discovered that FFmpeg incorrectly handled file conversion to APNG\nformat. An attacker could possibly use this issue to cause a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2020-21041)\n\nIt was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks.\nA remote attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2020-21688)\n\nIt was discovered that FFmpeg incorrectly handled certain specially crafted\nAVI files. An attacker could possibly use this issue to cause a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2020-21697)\n\nIt was discovered that FFmpeg incorrectly handled writing MOV video tags. An\nattacker could possibly use this issue to cause a denial of service, obtain\nsensitive information or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015)\n\nIt was discovered that FFmpeg incorrectly handled writing MOV files. An\nattacker could possibly use this issue to cause a denial of service or other\nunspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016)\n\nIt was discovered that FFmpeg incorrectly handled memory when using certain\nfilters. An attacker could possibly use this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022,\nCVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031,\nCVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042)\n\nIt was discovered that FFmpeg incorrectly handled memory when using certain\nfilters. An attacker could possibly use this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021,\nCVE-2020-22033)\n\nIt was discovered that FFmpeg incorrectly handled memory when using certain\nfilters. An attacker could possibly use this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 21.10.\n(CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035)\n\nIt was discovered that FFmpeg incorrectly handled certain specially crafted\nJPEG files. An attacker could possibly use this issue to obtain sensitive\ninformation. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and\nUbuntu 21.10. (CVE-2020-22037)\n\nIt was discovered that FFmpeg incorrectly performed calculations in EXR codec.\nAn attacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965)\n\nIt was discovered that FFmpeg did not verify return values of functions\ninit_vlc and init_get_bits. An attacker could possibly use this issue to cause\na denial of service or other unspecified impact. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114,\nCVE-2021-38171)\n\nIt was discovered that FFmpeg incorrectly handled certain specially crafted\nfiles. An attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475)\n",
"id": "USN-5472-1",
"modified": "2026-04-27T14:11:28Z",
"published": "2022-06-08T11:54:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5472-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-20445"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-20446"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-20450"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-20453"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-21041"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-21688"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-21697"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22015"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22016"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22017"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22019"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22020"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22021"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22022"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22023"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22025"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22026"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22027"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22028"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22029"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22030"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22031"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22032"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22033"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22034"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22035"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22036"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22037"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-22042"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-35965"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38114"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38171"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38291"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-1475"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ffmpeg vulnerabilities",
"upstream": [
"UBUNTU-CVE-2020-20445",
"UBUNTU-CVE-2020-20446",
"UBUNTU-CVE-2020-20450",
"UBUNTU-CVE-2020-20453",
"UBUNTU-CVE-2020-21041",
"UBUNTU-CVE-2020-21688",
"UBUNTU-CVE-2020-21697",
"UBUNTU-CVE-2020-22015",
"UBUNTU-CVE-2020-22016",
"UBUNTU-CVE-2020-22017",
"UBUNTU-CVE-2020-22019",
"UBUNTU-CVE-2020-22020",
"UBUNTU-CVE-2020-22021",
"UBUNTU-CVE-2020-22022",
"UBUNTU-CVE-2020-22023",
"UBUNTU-CVE-2020-22025",
"UBUNTU-CVE-2020-22026",
"UBUNTU-CVE-2020-22027",
"UBUNTU-CVE-2020-22028",
"UBUNTU-CVE-2020-22029",
"UBUNTU-CVE-2020-22030",
"UBUNTU-CVE-2020-22031",
"UBUNTU-CVE-2020-22032",
"UBUNTU-CVE-2020-22033",
"UBUNTU-CVE-2020-22034",
"UBUNTU-CVE-2020-22035",
"UBUNTU-CVE-2020-22036",
"UBUNTU-CVE-2020-22037",
"UBUNTU-CVE-2020-22042",
"UBUNTU-CVE-2020-35965",
"UBUNTU-CVE-2021-38114",
"UBUNTU-CVE-2021-38171",
"UBUNTU-CVE-2021-38291",
"UBUNTU-CVE-2022-1475"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.