CVE-2020-20448: 
Ffmpeg vulnerability analysis and mitigation

FFmpeg 4.1.3 was identified with a Divide By Zero vulnerability in the libavcodec/ratecontrol.c component. The vulnerability was discovered and assigned CVE-2020-20448, with the initial CVE record being created on August 13, 2020. This security flaw affects the FFmpeg multimedia framework, specifically version 4.1.3 (CVE Details).

The vulnerability is classified as a Divide By Zero issue (CWE-369) that exists in the libavcodec/ratecontrol.c component of FFmpeg. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The CVSS v2.0 Base Score is 4.0 (Medium) with the vector (AV:N/AC:L/Au:S/C:N/I:N/A:P) (NVD).

When exploited, this vulnerability allows a remote malicious user to cause a Denial of Service condition in the affected FFmpeg installation. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

The floating point division issue was fixed in commit 55279d699fa64d8eb1185d8db04ab4ed92e8dea2, and the undefined shifts in snowenc were addressed in commit 8802e329c8317ca5ceb929df48a23eb0f9e852b2. Various Linux distributions have released fixed versions, including Debian which addressed this in version 7:4.1.6-1~deb10u1 (FFmpeg Ticket, Debian Tracker).