CVE-2020-35965

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3e5959b3457f7f1856d997261e6ac672bba49e8b

Fixed

b0a8b40294ea212c1938348ff112ef1b9bf16bb3

Affected versions

Other

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4-dev

n3.5-dev

n4.*

n4.1-dev

n4.2-dev

n4.3-dev

n4.4-dev

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 3875.0,
            "function_hash": "335900245080905195518199500105634341627"
        },
        "signature_version": "v1",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3",
        "target": {
            "file": "libavcodec/exr.c",
            "function": "decode_frame"
        },
        "id": "CVE-2020-35965-46b6d8a5"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "314669553627519175455910785186614959061",
                "1607368138201453610048915646059563107",
                "244482794177306786665733148081237557086",
                "214458255490862211237265395190480335490",
                "263897946523995697652292010420148165934",
                "19272380277864278366063073187641011363",
                "219757913322254528710254513951421514529",
                "170780553531284558693191737341113297",
                "37814278519587150644049758241271325829",
                "46704310771709105788335437876713644209"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3",
        "target": {
            "file": "libavcodec/exr.c"
        },
        "id": "CVE-2020-35965-9adf2974"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 3851.0,
            "function_hash": "124937820520588315441984477221866751122"
        },
        "signature_version": "v1",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b",
        "target": {
            "file": "libavcodec/exr.c",
            "function": "decode_frame"
        },
        "id": "CVE-2020-35965-e8160555"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "11453760296080827596215104085033325511",
                "338685430887148091291965859791680091872",
                "172064141470120326502547602228483699307",
                "68840693532925938066564762591449107621"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b",
        "target": {
            "file": "libavcodec/exr.c"
        },
        "id": "CVE-2020-35965-fdcf59d3"
    }
]

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type: GIT
Repo: https://git.ffmpeg.org/ffmpeg.git
Events: Introduced

6b6b9e593dd4d3aaf75f48d40a13ef03bdef9fdb

Fixed

c5079bf3bccd24bf8ed45ff47ff4071fd09e9fd8