CVE-2020-20450: 
Ffmpeg vulnerability analysis and mitigation

FFmpeg 4.2 is affected by a null pointer dereference vulnerability in libavformat/aviobuf.c, which was discovered in May 2021. The vulnerability is tracked as CVE-2020-20450 and affects the FFmpeg multimedia framework, particularly version 4.2. This security issue has been assigned a CVSS v3.1 base score of 7.5 (High) (NVD).

The vulnerability involves a null pointer dereference passed as an argument to libavformat/aviobuf.c at line 227, specifically in the memcpy function call within the avio_write function. The issue occurs when the buf pointer becomes null during the memory copy operation (FFmpeg Ticket). The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with low attack complexity and no required privileges or user interaction (NVD).

The exploitation of this vulnerability could result in a Denial of Service (DoS) condition. When triggered, the null pointer dereference could cause the application to crash, disrupting the service availability (NVD, Ubuntu Security).

The vulnerability has been fixed in multiple versions across different distributions. For Ubuntu 20.04 LTS, the fix is included in version 7:4.2.7-0ubuntu0.1. Debian has addressed this in version 7:4.3.3-0+deb11u1 for the stable distribution (bullseye). The upstream fix was implemented in FFmpeg commit 5400e4a50c61e53e1bc50b3e77201649bbe9c510 (Debian Security, Ubuntu Security).