CVE-2020-20902 — MEDIUM (6.5)

Vulnerability Description

A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ffmpeg	Ffmpeg	4.2.1

Related Weaknesses (CWE)

CWE-125

References

http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0c61661a2cbe1b8b284c80a
https://trac.ffmpeg.org/ticket/8176Issue TrackingPatchVendor Advisory
http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=0c61661a2cbe1b8b284c80a
https://trac.ffmpeg.org/ticket/8176Issue TrackingPatchVendor Advisory

FAQ

What is CVE-2020-20902?

CVE-2020-20902 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that c...

How severe is CVE-2020-20902?

CVE-2020-20902 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-20902?

Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.