CVE-2020-20896: 
Ffmpeg vulnerability analysis and mitigation

A vulnerability was discovered in FFmpeg version 4.2.1, specifically in the latmwritepacket function within libavformat/latmenc.c. The vulnerability (CVE-2020-20896) was identified and disclosed on September 20, 2021. This security flaw affects the FFmpeg multimedia framework and could potentially expose systems to denial of service attacks (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) that occurs in the latmwritepacket function. The issue received a CVSS v3.1 base score of 8.8 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability was introduced in FFmpeg version 3.4 and was subsequently fixed through a patch that aborts the operation if no extradata is available (FFmpeg Commit).

The vulnerability can lead to a Denial of Service condition through a NULL pointer dereference. When exploited, it could potentially cause the application to crash or become unresponsive, affecting the availability of systems running the vulnerable FFmpeg version (NVD).

The vulnerability was patched in FFmpeg through commit dd01947397b98e94c3f2a79d5820aaf4594f4d3b, which adds a check to abort if no extradata is available. Users are advised to upgrade to patched versions of FFmpeg. Various Linux distributions have also released fixed versions, including Debian which provided fixes in versions 7:4.3.7-0+deb11u1 and later (Debian Tracker).