CVE-2020-24020

8.8 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in FFmpeg's DNN module that allows remote attackers to execute arbitrary code by exploiting improper memory bounds checking in the pad layer function. It affects systems running FFmpeg 4.2.3 that process untrusted media files. The vulnerability is particularly dangerous for media processing servers and applications that handle user-uploaded content.

💻 Affected Systems

Products:
  • FFmpeg
Versions: 4.2.3
Operating Systems: All platforms running FFmpeg
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when processing media files with DNN features enabled. Applications using FFmpeg libraries for media processing are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the FFmpeg process, potentially leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Remote code execution leading to service disruption, data exfiltration, or lateral movement within the network.

🟢 If Mitigated

Denial of service if exploit fails or is blocked by security controls, with potential application crashes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious media file that triggers the vulnerable DNN pad layer function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FFmpeg 4.2.4 and later

Vendor Advisory: https://trac.ffmpeg.org/ticket/8718

Restart Required: Yes

Instructions:

1. Update FFmpeg to version 4.2.4 or later.
2. Rebuild any applications using FFmpeg libraries.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DNN processing (all platforms)

Disable DNN-based filters and features in FFmpeg configuration

Configure FFmpeg with --disable-dnn or avoid using DNN-related filters

Input validation (all platforms)

Implement strict input validation for media files before processing

🧯 If You Can't Patch

  • Implement network segmentation to isolate FFmpeg processing systems
  • Deploy application allowlisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version: ffmpeg -version | grep 'version'

Check Version:

ffmpeg -version | grep 'version'

Verify Fix Applied:

Verify version is 4.2.4 or later and check commit history for fix 584f396132aa19d21bb1e38ad9a5d428869290cb
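
The version check above comes down to comparing the reported release against 4.2.3 and 4.2.4. The script below is an added example (not from FFmpeg or from the original advisory) that classifies the first line of ffmpeg -version output; the function names and status labels are hypothetical, and it assumes the banner formats shown in the comments.

```shell
#!/bin/sh
# Added example. AFFECTED and FIXED are the versions named on this page;
# the function names and status labels are hypothetical.
AFFECTED="4.2.3"
FIXED="4.2.4"

# Print the dotted release number from the first line of `ffmpeg -version`.
# Accepts tag builds ("n4.2.3") and distro suffixes ("4.2.4-1ubuntu0.1");
# prints nothing for git snapshots ("N-98765-g...") that carry no release.
ffmpeg_release() {
    printf '%s\n' "$1" | sed -n \
        '1s/^ffmpeg version n\{0,1\}\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Succeed when dotted version $1 is lower than $2 (missing fields count as 0).
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Classify one version banner line.
classify_ffmpeg() {
    rel=$(ffmpeg_release "$1")
    if [ -z "$rel" ]; then
        echo "unknown"      # no release number: check for the fix commit instead
    elif ver_lt "$rel" "$AFFECTED"; then
        echo "unlisted"     # older than 4.2.3; this page does not cover it
    elif ver_lt "$rel" "$FIXED"; then
        echo "affected"     # by number only; a backported patch is not visible here
    else
        echo "fixed"
    fi
}

# Run against the local binary when one is installed.
if command -v ffmpeg >/dev/null 2>&1; then
    classify_ffmpeg "$(ffmpeg -version 2>/dev/null | head -n 1)"
fi
```

An "unknown" or "affected" result on a distribution package is a prompt to check the package changelog or source for the fix commit, since the version string alone cannot show a backport.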

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg process crashes
  • Memory access violation errors
  • Unusual process spawning from FFmpeg

Network Indicators:

  • Unexpected outbound connections from media processing servers
  • Large media file uploads to processing endpoints

SIEM Query:

Process:ffmpeg AND (EventID:1000 OR ExceptionCode:c0000005)
