Wind River Support Network


LIN1021-1057 : Security Advisory - ffmpeg - CVE-2021-3566

Created: Aug 5, 2021    Updated: Oct 8, 2021
Resolved Date: Oct 8, 2021
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).

CREATE(Triage):(User=admin) CVE-2021-3566 (


Live chat