CVE-2020-35965

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

6b6b9e593dd4d3aaf75f48d40a13ef03bdef9fdb

Fixed

c5079bf3bccd24bf8ed45ff47ff4071fd09e9fd8

Fixed

3e5959b3457f7f1856d997261e6ac672bba49e8b

Fixed

b0a8b40294ea212c1938348ff112ef1b9bf16bb3

Database specific

{
    "versions": [
        {
            "introduced": "4.3.1"
        },
        {
            "fixed": "4.4"
        }
    ]
}

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "335900245080905195518199500105634341627",
            "length": 3875.0
        },
        "target": {
            "file": "libavcodec/exr.c",
            "function": "decode_frame"
        },
        "id": "CVE-2020-35965-46b6d8a5",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314669553627519175455910785186614959061",
                "1607368138201453610048915646059563107",
                "244482794177306786665733148081237557086",
                "214458255490862211237265395190480335490",
                "263897946523995697652292010420148165934",
                "19272380277864278366063073187641011363",
                "219757913322254528710254513951421514529",
                "170780553531284558693191737341113297",
                "37814278519587150644049758241271325829",
                "46704310771709105788335437876713644209"
            ]
        },
        "target": {
            "file": "libavcodec/exr.c"
        },
        "id": "CVE-2020-35965-9adf2974",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3"
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "124937820520588315441984477221866751122",
            "length": 3851.0
        },
        "target": {
            "file": "libavcodec/exr.c",
            "function": "decode_frame"
        },
        "id": "CVE-2020-35965-e8160555",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "11453760296080827596215104085033325511",
                "338685430887148091291965859791680091872",
                "172064141470120326502547602228483699307",
                "68840693532925938066564762591449107621"
            ]
        },
        "target": {
            "file": "libavcodec/exr.c"
        },
        "id": "CVE-2020-35965-fdcf59d3",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35965.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]