0.002 Low
EPSS
Percentile
52.5%
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
launchpad.net/bugs/cve/CVE-2020-13904
nvd.nist.gov/vuln/detail/CVE-2020-13904
patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
security-tracker.debian.org/tracker/CVE-2020-13904
trac.ffmpeg.org/ticket/8673
ubuntu.com/security/notices/USN-4431-1
www.cve.org/CVERecord?id=CVE-2020-13904