CVE-2020-35965

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-35965
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35965.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-35965
Downstream
Related
Published
2021-01-04T02:15:11.273Z
Modified
2026-04-16T00:04:23.375214345Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
6b6b9e593dd4d3aaf75f48d40a13ef03bdef9fdb
Fixed
c5079bf3bccd24bf8ed45ff47ff4071fd09e9fd8
Fixed
3e5959b3457f7f1856d997261e6ac672bba49e8b
Fixed
b0a8b40294ea212c1938348ff112ef1b9bf16bb3
Database specific 
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.3.1"
        },
        {
            "fixed": "4.4"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35965.json"
vanir_signatures_modified 
"2026-04-11T23:14:27Z"
vanir_signatures 
[
    {
        "source": "https://github.com/ffmpeg/ffmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b",
        "digest": {
            "function_hash": "124937820520588315441984477221866751122",
            "length": 3851.0
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-35965-e8160555",
        "signature_version": "v1",
        "target": {
            "file": "libavcodec/exr.c",
            "function": "decode_frame"
        }
    },
    {
        "source": "https://github.com/ffmpeg/ffmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b",
        "digest": {
            "line_hashes": [
                "11453760296080827596215104085033325511",
                "338685430887148091291965859791680091872",
                "172064141470120326502547602228483699307",
                "68840693532925938066564762591449107621"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2020-35965-fdcf59d3",
        "signature_version": "v1",
        "target": {
            "file": "libavcodec/exr.c"
        }
    }
]