CVE-2021-33815 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Affected Products (NVD)

Vendor	Product	Version
ffmpeg	ffmpeg	4.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ffmpeg

bookworm	7:5.1.6-0+deb12u1 fixed
bookworm (security)	7:5.1.6-0+deb12u1 fixed
bullseye	7:4.3.7-0+deb11u1 fixed
bullseye (security)	7:4.3.8-0+deb11u1 fixed
sid	7:7.1-3 fixed
trixie	7:7.1-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

ffmpeg

bionic	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	ignored
jammy	not-affected
trusty	dne
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libavcodec58_134

suse enterprise desktop 15 SP4	4.4-150400.1.13 fixed
suse enterprise sap 15 SP4	4.4-150400.1.13 fixed
suse enterprise server 15 SP4	4.4-150400.1.13 fixed

libavformat58_76

suse enterprise desktop 15 SP4	4.4-150400.1.13 fixed
suse enterprise sap 15 SP4	4.4-150400.1.13 fixed
suse enterprise server 15 SP4	4.4-150400.1.13 fixed
suse enterprise workstation 15 SP4	4.4-150400.1.13 fixed

libavutil56_70

suse enterprise desktop 15 SP4	4.4-150400.1.13 fixed
suse enterprise sap 15 SP4	4.4-150400.1.13 fixed
suse enterprise server 15 SP4	4.4-150400.1.13 fixed

libswresample3_9

suse enterprise desktop 15 SP4	4.4-150400.1.13 fixed
suse enterprise sap 15 SP4	4.4-150400.1.13 fixed
suse enterprise server 15 SP4	4.4-150400.1.13 fixed

libswscale5_9

suse enterprise desktop 15 SP4	4.4-150400.1.13 fixed
suse enterprise sap 15 SP4	4.4-150400.1.13 fixed
suse enterprise server 15 SP4	4.4-150400.1.13 fixed
suse enterprise workstation 15 SP4	4.4-150400.1.13 fixed

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777

https://security.gentoo.org/glsa/202312-14

https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777

https://security.gentoo.org/glsa/202312-14