7.5

CVE-2021-38291

Exploit
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version < 4.1.7
FfmpegFfmpeg Version >= 4.2.0 < 4.2.5
FfmpegFfmpeg Version >= 4.3.0 < 4.3.3
FfmpegFfmpeg Version >= 4.4.0 < 4.4.1
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.69% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://www.debian.org/security/2021/dsa-4990
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2021/dsa-4998
Third Party Advisory
https://security.gentoo.org/glsa/202312-14
https://trac.ffmpeg.org/ticket/9312
Patch
Vendor Advisory
Exploit