A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22023
Reference (s):
- DEBIAN:DSA-4990
- URL: https://www.debian.org/security/2021/dsa-4990
- https://trac.ffmpeg.org/ticket/8244
- MLIST:[debian-lts-announce] 20210815 [SECURITY] [DLA 2742-1] ffmpeg security update
- URL: https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html