CVE-2020-13904

Published
View on NVD ↗
CVSS v3
5.5
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.

FFmpeg/FFmpeg
FFmpeg/FFmpeg
Mirror of https://git.ffmpeg.org/ffmpeg.git
GitHubGitHub
61.4K