Launchpad.net

CVE 2020-21688

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

CVE-2020-21688 (Candidate) is related to these bugs:

Bug #1970674: New bug fix releases 3.4.11, 4.2.7 and 4.4.2

		In	Importance	Status
1970674	New bug fix releases 3.4.11, 4.2.7 and 4.4.2	ffmpeg (Ubuntu)	Undecided	Fix Released
1970674	New bug fix releases 3.4.11, 4.2.7 and 4.4.2	ffmpeg (Ubuntu Focal)	Undecided	Fix Released
1970674	New bug fix releases 3.4.11, 4.2.7 and 4.4.2	ffmpeg (Ubuntu Jammy)	Undecided	Fix Released
1970674	New bug fix releases 3.4.11, 4.2.7 and 4.4.2	ffmpeg (Ubuntu Impish)	Undecided	Fix Released
1970674	New bug fix releases 3.4.11, 4.2.7 and 4.4.2	ffmpeg (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.