Denial of Service Vulnerability in FFmpeg's TIFF Processing
CVE-2020-36138

7.5HIGH

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg
Vendor: CVE Published:; 11 August 2023

What is CVE-2020-36138?

A vulnerability exists in the TIFF decoding function of FFmpeg version 4.3, specifically within the decode_frame method in the libavcodec/tiff.c file. This flaw allows remote attackers to exploit the issue, potentially leading to a denial of service condition. By crafting specific TIFF files, attackers can trigger unexpected behavior within the decoder, resulting in crashes or service disruptions for applications utilizing this multimedia framework.

References

https://trac.ffmpeg.org/ticket/8960

https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca...

https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2020-Nove...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Jan 4, 2021

Ffmpeg

What is CVE-2020-36138?

References

CVSS V3.1

Timeline