CVE-2020-20896

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Ffmpeg	Ffmpeg	4.2.1 (including)	4.2.1 (including)
Ffmpeg	Ubuntu	bionic	*
Ffmpeg	Ubuntu	trusty	*
Ffmpeg	Ubuntu	upstream	*
Qtwebengine-opensource-src	Ubuntu	bionic	*
Qtwebengine-opensource-src	Ubuntu	focal	*
Qtwebengine-opensource-src	Ubuntu	hirsute	*
Qtwebengine-opensource-src	Ubuntu	impish	*
Qtwebengine-opensource-src	Ubuntu	kinetic	*
Qtwebengine-opensource-src	Ubuntu	lunar	*
Qtwebengine-opensource-src	Ubuntu	mantic	*
Qtwebengine-opensource-src	Ubuntu	oracular	*
Qtwebengine-opensource-src	Ubuntu	plucky	*
Qtwebengine-opensource-src	Ubuntu	trusty	*
Qtwebengine-opensource-src	Ubuntu	xenial	*

Potential Mitigations

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b
https://trac.ffmpeg.org/ticket/8273
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b
https://trac.ffmpeg.org/ticket/8273

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-20896
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References