vulnerability
FFmpeg: CVE-2021-38171: Unchecked Return Value
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2021-08-21 | 2021-09-02 | 2024-11-26 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2021-08-21
Added
2021-09-02
Modified
2024-11-26
Description
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Solution(s)
ffmpeg-upgrade-2_8_18ffmpeg-upgrade-3_2_16ffmpeg-upgrade-3_4_9ffmpeg-upgrade-4_1_7ffmpeg-upgrade-4_2_5ffmpeg-upgrade-4_3_3ffmpeg-upgrade-4_4_1ffmpeg-upgrade-5_0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.