Bugzilla – Bug 1172640
VUL-0: CVE-2020-13904: ffmpeg: use-after-free via a crafted EXTINF duration in an m3u8 file
Last modified: 2022-06-10 12:08:36 UTC
CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13904 https://trac.ffmpeg.org/ticket/8673 https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
Created attachment 838860 [details] ffmpeg-CVE-2020-13904-reproducer.m3u8 QA REPRODUCER: valgrind --tool=memcheck --leak-check=no ffmpeg -i ffmpeg-CVE-2020-13904-reproducer.m3u8 2>&1 |grep -v '^\[hls' BAD OUTPUT: Invalid read of size 1 at 0x483B7DC: rindex (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C2DF32: av_match_ext (in /usr/lib64/libavformat.so.58.29.100) by 0x4C30C11: av_probe_input_format3 (in /usr/lib64/libavformat.so.58.29.100) by 0x4C30E31: av_probe_input_format2 (in /usr/lib64/libavformat.so.58.29.100) by 0x4C30FE9: av_probe_input_buffer2 (in /usr/lib64/libavformat.so.58.29.100) by 0x4C311F8: av_probe_input_buffer (in /usr/lib64/libavformat.so.58.29.100) by 0x4C3EF32: ??? (in /usr/lib64/libavformat.so.58.29.100) by 0x4D1A272: avformat_open_input (in /usr/lib64/libavformat.so.58.29.100) by 0x118161: ??? (in /usr/bin/ffmpeg) by 0x11E7D5: ??? (in /usr/bin/ffmpeg) by 0x126F9F: ??? (in /usr/bin/ffmpeg) by 0x1149AD: main (in /usr/bin/ffmpeg)
Affected: SUSE:SLE-15:Update
https://build.suse.de/request/show/243003
openSUSE-SU-2021:2322-1: An update that fixes 23 vulnerabilities is now available. Category: security (important) Bug References: 1172640,1186406,1186583,1186586,1186587,1186596,1186597,1186598,1186600,1186603,1186604,1186605,1186613,1186614,1186615,1186616,1186658,1186660,1186757,1186758,1186762,1186763 CVE References: CVE-2019-17539,CVE-2020-13904,CVE-2020-20448,CVE-2020-20451,CVE-2020-21041,CVE-2020-22015,CVE-2020-22016,CVE-2020-22017,CVE-2020-22019,CVE-2020-22020,CVE-2020-22021,CVE-2020-22022,CVE-2020-22023,CVE-2020-22025,CVE-2020-22026,CVE-2020-22031,CVE-2020-22032,CVE-2020-22033,CVE-2020-22034,CVE-2020-22038,CVE-2020-22039,CVE-2020-22043,CVE-2020-22044 JIRA References: Sources used: openSUSE Leap 15.3 (src): ffmpeg-3.4.2-11.3.1
SUSE-SU-2021:2322-1: An update that fixes 23 vulnerabilities is now available. Category: security (important) Bug References: 1172640,1186406,1186583,1186586,1186587,1186596,1186597,1186598,1186600,1186603,1186604,1186605,1186613,1186614,1186615,1186616,1186658,1186660,1186757,1186758,1186762,1186763 CVE References: CVE-2019-17539,CVE-2020-13904,CVE-2020-20448,CVE-2020-20451,CVE-2020-21041,CVE-2020-22015,CVE-2020-22016,CVE-2020-22017,CVE-2020-22019,CVE-2020-22020,CVE-2020-22021,CVE-2020-22022,CVE-2020-22023,CVE-2020-22025,CVE-2020-22026,CVE-2020-22031,CVE-2020-22032,CVE-2020-22033,CVE-2020-22034,CVE-2020-22038,CVE-2020-22039,CVE-2020-22043,CVE-2020-22044 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): ffmpeg-3.4.2-11.3.1 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): ffmpeg-3.4.2-11.3.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): ffmpeg-3.4.2-11.3.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): ffmpeg-3.4.2-11.3.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): ffmpeg-3.4.2-11.3.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): ffmpeg-3.4.2-11.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice SUSE-SU-2021:2929-1: An update that fixes 31 vulnerabilities is now available. Category: security (important) Bug References: 1129714,1172640,1186406,1186583,1186586,1186587,1186596,1186597,1186598,1186600,1186603,1186604,1186605,1186613,1186614,1186615,1186616,1186658,1186660,1186757,1186758,1186762,1186763,1186849,1186859,1186861,1186863,1189142,1189348,1189350 CVE References: CVE-2019-17539,CVE-2019-9721,CVE-2020-13904,CVE-2020-20448,CVE-2020-20451,CVE-2020-21041,CVE-2020-21688,CVE-2020-21697,CVE-2020-22015,CVE-2020-22016,CVE-2020-22017,CVE-2020-22019,CVE-2020-22020,CVE-2020-22021,CVE-2020-22022,CVE-2020-22023,CVE-2020-22025,CVE-2020-22026,CVE-2020-22031,CVE-2020-22032,CVE-2020-22033,CVE-2020-22034,CVE-2020-22038,CVE-2020-22039,CVE-2020-22043,CVE-2020-22044,CVE-2020-22046,CVE-2020-22048,CVE-2020-22049,CVE-2020-22054,CVE-2021-38114 JIRA References: Sources used: SUSE Manager Server 4.0 (src): ffmpeg-3.4.2-4.34.2 SUSE Manager Retail Branch Server 4.0 (src): ffmpeg-3.4.2-4.34.2 SUSE Manager Proxy 4.0 (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise Server for SAP 15-SP1 (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise Server for SAP 15 (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise Server 15-SP1-LTSS (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise Server 15-SP1-BCL (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise Server 15-LTSS (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ffmpeg-3.4.2-4.34.2 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ffmpeg-3.4.2-4.34.2 SUSE Enterprise Storage 6 (src): ffmpeg-3.4.2-4.34.2 SUSE CaaS Platform 4.0 (src): ffmpeg-3.4.2-4.34.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.