CVE-2020-22051: 
Ffmpeg vulnerability analysis and mitigation

A Denial of Service vulnerability (CVE-2020-22051) was identified in FFmpeg version 4.2. The vulnerability stems from a memory leak in the filterframe function within the vftile.c file. This vulnerability was discovered and reported in 2020, affecting FFmpeg multimedia framework installations (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue is classified under CWE-401 (Missing Release of Memory after Effective Lifetime). The vulnerability specifically manifests as a memory leak in the filter_frame function, which can be triggered when processing certain input files (NVD).

If exploited, this vulnerability can lead to a Denial of Service condition through application crashes. The impact is particularly significant when processing specially crafted MOV files, which can trigger the memory leak and potentially cause system resource exhaustion (Broadcom).

The vulnerability has been fixed in subsequent releases of FFmpeg. Users are advised to update their FFmpeg installations to the latest version. For Ubuntu users, specific package updates are available, including libavcodec-extra, libswscale-ffmpeg3, and various other FFmpeg-related packages (Broadcom).