vulnerability

Debian: CVE-2021-3566: ffmpeg -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Aug 5, 2021	Aug 16, 2021	Mar 30, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Aug 5, 2021

Added

Aug 16, 2021

Modified

Mar 30, 2026

Description

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).

Solution

debian-upgrade-ffmpeg

References

CVE-2021-3566
https://attackerkb.com/topics/CVE-2021-3566
CWE-200
DEBIAN-DLA-2742-1
EUVD-EUVD-2021-26876
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-26876

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report