CVE-2020-20445: 
Ffmpeg vulnerability analysis and mitigation

FFmpeg 4.2 is affected by a Divide By Zero vulnerability (CVE-2020-20445) that was discovered in the libavcodec/lpc.h component. The vulnerability was disclosed and fixed in late 2021, affecting multiple versions of FFmpeg including Debian 9 (Stretch), Debian 10 (Buster), and Debian 11 (Bullseye) distributions (Debian LTS, Debian Security).

The vulnerability occurs due to a division by zero operation at line 155 in libavcodec/lpc.h. When processing certain multimedia files, the error variable can become zero, leading to an arithmetic exception. The issue has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows a remote malicious user to cause a Denial of Service condition by triggering a division by zero exception, which results in the application crashing (Debian LTS).

The vulnerability has been fixed in multiple FFmpeg versions across different distributions: Debian 9 (version 7:3.2.16-1+deb9u1), Debian 10 (version 7:4.1.8-0+deb10u1), and Debian 11 (version 7:4.3.3-0+deb11u1). Users are recommended to upgrade their FFmpeg packages to these patched versions (Debian Security, Debian LTS).