CVE-2020-36138

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 11, 2023

Updated: Aug 16, 2023

CWE ID 476

Summary

CVE-2020-36138 is a denial-of-service vulnerability affecting the decode_frame function in libavcodec/tiff.c of FFmpeg version 4.3. Malicious actors can exploit this issue to cause the software to crash, leading to a denial of service. The exact cause of the vulnerability is not disclosed, but it is recommended that users upgrade to a patched version of FFmpeg to mitigate the risk. Failure to address this issue can result in service disruptions and potential data loss.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FFmpeg

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sTf3PO
https://www.cve.org/CVERecord?id=CVE-2020-36138
https://nvd.nist.gov/vuln/detail/CVE-2020-36138

Back to Vulnerability Database

CVE-2020-36138

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations