Unchecked Return Value

CVE-2021-38171

High

9.8/10

Summary

The "adts_decode_extradata" function in "libavformat/adtsenc.c" file in FFmpeg versions through 2.8.17, 2.9-dev through 3.2.15, 3.3-dev through 3.4.8, 3.5-dev through 4.1.6, 4.2-dev through 4.2.4, and 4.3-dev through 4.3.2, 4.4-dev through 4.4.0 ad 4.5-dev, does not check the "init_get_bits" return value, which is a necessary step because the second argument to "init_get_bits" can be crafted.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-252 - Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References

Advisory
Advisory
Release Note

Advisory Timeline

Published Aug 21, 2021

Unchecked Return Value

CVE-2021-38171

Summary

CWE-252 - Unchecked Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS