{"id":"CVE-2020-13904","details":"FFmpeg 2.8 and 4.2.3 have a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.","modified":"2026-03-15T22:32:59.913272Z","published":"2020-06-07T19:15:09.703Z","related":["MGASA-2020-0290","SUSE-SU-2021:2322-1","SUSE-SU-2021:2929-1","openSUSE-SU-2021:2322-1"],"references":[{"type":"WEB","url":"https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq%40chinaffmpeg.org/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-58"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4431-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4722"},{"type":"REPORT","url":"https://trac.ffmpeg.org/ticket/8673"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"58142a27ea96bf9246586a91a82db85e37646933"},{"introduced":"0"},{"last_affected":"d3b963cc41824a3c5b2758ac896fb23e20a87875"},{"fixed":"6959358683c7533f586c07a766acc5fe9544d8b2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8"},{"introduced":"0"},{"last_affected":"4.2.3"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8","n2.8-dev","n2.8.1","n2.8.10","n2.8.11","n2.8.12","n2.8.13","n2.8.14","n2.8.15","n2.8.16","n2.8.2","n2.8.3","n2.8.4","n2.8.5","n2.8.6","n2.8.7","n2.8.8","n2.8.9"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["158144811077034995109933837677768601857","281751093908803107971940014393508807726","2407644620314382004928
45385032705040109","15703913043383878175200160282698241320","138080608107875226115977774548120949879","259048102838479733394805058517030239279","17084527969274049166290416022132557131","269990059958938381327368365588722984632"]},"deprecated":false,"signature_version":"v1","target":{"file":"libavformat/hls.c"},"id":"CVE-2020-13904-2b8821e2","source":"https://github.com/ffmpeg/ffmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2","signature_type":"Line"},{"digest":{"length":4983,"function_hash":"45061495392761575669141487341416533816"},"deprecated":false,"signature_version":"v1","target":{"file":"libavformat/hls.c","function":"parse_playlist"},"id":"CVE-2020-13904-f5815e55","source":"https://github.com/ffmpeg/ffmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2","signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13904.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}