Vulnerability Description
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | < 3.4.3 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e8PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/01/msg00006.htmlThird Party Advisory
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e8PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/01/msg00006.htmlThird Party Advisory
FAQ
What is CVE-2018-1999010?
CVE-2018-1999010 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This a...
How severe is CVE-2018-1999010?
CVE-2018-1999010 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1999010?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg, Debian Debian Linux.