Totally Secure

Security Information and News

NVD NVD Nist GOV

NVD – CVE-2020-24995

ByTotally Secure

Apr 5, 2021

CVE-2020-24995 Detail

Current Description

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

View Analysis Description

Analysis Description

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID CWE Name Source
CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) NIST  

Change History

1 change records found show changes

Initial Analysis 4/02/2021 1:22:57 PM

Action Type Old Value New Value
Added CPE Configuration 
OR
     *cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*
Added CVSS V2 
NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3.1 
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CWE 
NIST CWE-120
Changed Reference Type 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f No Types Assigned
 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f Mailing List, Patch, Vendor Advisory
Changed Reference Type 
https://trac.ffmpeg.org/ticket/8845 No Types Assigned
 
https://trac.ffmpeg.org/ticket/8845 Exploit, Patch, Vendor Advisory
Changed Reference Type 
https://trac.ffmpeg.org/ticket/8859 No Types Assigned
 
https://trac.ffmpeg.org/ticket/8859 Exploit, Patch, Vendor Advisory
Changed Reference Type 
https://trac.ffmpeg.org/ticket/8860 No Types Assigned
 
https://trac.ffmpeg.org/ticket/8860 Exploit, Patch, Vendor Advisory

Quick Info

CVE Dictionary Entry:
CVE-2020-24995
NVD Published Date:
03/30/2021
NVD Last Modified:
04/02/2021
Source:
MITRE

By Totally Secure

Related Post

NVD NVD Nist GOV

NVD – CVE-2017-20187

Nov 7, 2023 Totally Secure
NVD NVD Nist GOV

NVD – CVE-2017-7252

Nov 7, 2023 Totally Secure
NVD NVD Nist GOV

NVD – CVE-2018-25092

Nov 7, 2023 Totally Secure

You missed

CISA Bulletins Security US Cert

Vulnerability Summary for the Week of January 6, 2025

January 14, 2025 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 30, 2024

January 7, 2025 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 23, 2024

December 31, 2024 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 16, 2024

December 24, 2024 Totally Secure