CVE-2021-38291

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38291

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38291.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-38291

Downstream

DEBIAN-CVE-2021-38291

DLA-2818-1

DSA-4990-1

DSA-4998-1

JLSEC-2025-117

SUSE-SU-2024:3114-1

UBUNTU-CVE-2021-38291

USN-5167-1

USN-5472-1

Related

Published

2021-08-12T16:15:10Z

Modified

2025-10-28T04:10:07.028278Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type: GIT
Repo: https://git.ffmpeg.org/ffmpeg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

60037d6693f51d475e1b619c0763234287fcf422

Affected versions

Other

N

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4-dev

n3.5-dev

n4.*

n4.1-dev

n4.2

n4.2-dev

n4.2.1

n4.2.2

n4.2.3

n4.2.4

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fbb83f3d413fa33cd543015856b0171d0bd7de11

Affected versions

Other

N

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4-dev

n3.5-dev

n4.*

n4.1

n4.1-dev

n4.1.1

n4.1.2

n4.1.3

n4.1.4

n4.1.5

n4.1.6

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "214803039889315537356725353018178750454",
            "length": 3476.0
        },
        "target": {
            "file": "libavformat/wvdec.c",
            "function": "wv_read_block_header"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/fbb83f3d413fa33cd543015856b0171d0bd7de11",
        "id": "CVE-2021-38291-48970485",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "251307755643448423117393967764287524003",
                "206464569714612371624097047065094077137",
                "204565516564241691171555941667575719474",
                "307268568101377705266031103909715185175",
                "177221837149411978514742847518715725014",
                "168857164016796346900914218416968224909",
                "269737559404820613432451688629928013255",
                "255726005416801983841432562937282134686"
            ]
        },
        "target": {
            "file": "libavformat/wvdec.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/fbb83f3d413fa33cd543015856b0171d0bd7de11",
        "id": "CVE-2021-38291-fa043df0",
        "deprecated": false,
        "signature_version": "v1"
    }
]