CVE-2020-21722

7.8 HIGH

📋 TL;DR

CVE-2020-21722 is a buffer overflow vulnerability in oggvideotools 0.9.1 that allows remote attackers to execute arbitrary code by tricking users into opening a maliciously crafted OGG file. This affects any system running the vulnerable version of oggvideotools, potentially giving attackers full control over the compromised system.

💻 Affected Systems

Products:
  • oggvideotools
Versions: Version 0.9.1
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with oggvideotools 0.9.1 installed is vulnerable when processing OGG files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with full system compromise, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation or denial of service when users open malicious OGG files from untrusted sources.

🟢 If Mitigated

Limited impact if systems are patched, users avoid untrusted files, and proper network segmentation is in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires user interaction to open malicious files, but web applications processing OGG files could be vulnerable.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof-of-concept is available in the GitHub references. Exploitation requires a user to open a crafted OGG file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 0.9.2 or later

Vendor Advisory: https://sourceforge.net/p/oggvideotools/bugs/11/

Restart Required: No

Instructions:

1. Check current version with 'oggvideotools --version'.
2. Update via package manager: 'sudo apt update && sudo apt upgrade oggvideotools' (Debian/Ubuntu) or 'sudo yum update oggvideotools' (RHEL/CentOS).
3. Verify update with version check.

🔧 Temporary Workarounds

Remove oggvideotools

linux

Uninstall vulnerable software if not needed

sudo apt remove oggvideotools
sudo yum remove oggvideotools

Restrict file processing

linux

Limit oggvideotools execution to trusted users only

sudo chmod 750 /usr/bin/oggvideotools
sudo chown root:trustedgroup /usr/bin/oggvideotools

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of oggvideotools
  • Use network segmentation to isolate systems running vulnerable software

🔍 How to Verify

Check if Vulnerable:

Run 'oggvideotools --version' and check if output contains '0.9.1'

Check Version:

oggvideotools --version

Verify Fix Applied:

Run 'oggvideotools --version' and confirm version is 0.9.2 or higher

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or abnormal crashes in oggvideotools process logs
  • Unusual process execution following oggvideotools crashes

Network Indicators:

  • Unexpected outbound connections from systems running oggvideotools

SIEM Query:

process_name:"oggvideotools" AND (event_type:"crash" OR exit_code:139)
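
The log indicators and SIEM query above, worked through as an added Python example (not part of the original advisory): it applies the same crash predicate and then lists processes started by the same user on the same host shortly after each crash. The events are constructed, and the `ts`, `host`, `user` fields, the `start` event type and the 30-second window are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # assumed correlation window, tune per environment

# Constructed sample events. process_name, event_type and exit_code come from
# the SIEM query; ts, host, user and the "start" event type are assumptions.
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "host": "ws1", "user": "alice",
     "process_name": "oggvideotools", "event_type": "exit", "exit_code": 0},
    {"ts": "2024-01-10T09:05:00", "host": "ws2", "user": "bob",
     "process_name": "oggvideotools", "event_type": "exit", "exit_code": 139},
    {"ts": "2024-01-10T09:05:03", "host": "ws2", "user": "bob",
     "process_name": "sh", "event_type": "start"},
    {"ts": "2024-01-10T09:05:10", "host": "ws2", "user": "carol",
     "process_name": "vim", "event_type": "start"},
    {"ts": "2024-01-10T09:06:30", "host": "ws2", "user": "bob",
     "process_name": "curl", "event_type": "start"},
    {"ts": "2024-01-10T09:10:00", "host": "ws3", "user": "dave",
     "process_name": "oggvideotools", "event_type": "crash"},
]

def is_crash(ev):
    """Same predicate as the SIEM query; 139 = 128 + SIGSEGV (11)."""
    return ev.get("process_name") == "oggvideotools" and (
        ev.get("event_type") == "crash" or ev.get("exit_code") == 139)

def correlate(events, window=WINDOW):
    """For each crash, list processes the same user started on that host within the window."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    findings = []
    for i, ev in enumerate(ordered):
        if not is_crash(ev):
            continue
        t0 = datetime.fromisoformat(ev["ts"])
        followers = []
        for nxt in ordered[i + 1:]:
            if datetime.fromisoformat(nxt["ts"]) - t0 > window:
                break  # events are time-ordered, nothing later can match
            if (nxt.get("event_type") == "start" and nxt["host"] == ev["host"]
                    and nxt["user"] == ev["user"]):
                followers.append(nxt["process_name"])
        findings.append((ev["host"], ev["ts"], followers))
    return findings

if __name__ == "__main__":
    for host, ts, followers in correlate(EVENTS):
        print(host, ts, "followed by:", followers or "nothing in window")
```

A crash with an empty follower list is still worth triage as a possible failed attempt or denial of service; a non-empty list is the higher-priority case.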

🔗 References
