Vulnerability Description
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 4.0.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a582869Issue TrackingPatchThird Party Advisory
- https://seclists.org/bugtraq/2019/May/60
- https://www.debian.org/security/2019/dsa-4449
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a582869Issue TrackingPatchThird Party Advisory
- https://seclists.org/bugtraq/2019/May/60
- https://www.debian.org/security/2019/dsa-4449
FAQ
What is CVE-2018-1999011?
CVE-2018-1999011 is a vulnerability with a CVSS score of 8.8 (HIGH). FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code ex...
How severe is CVE-2018-1999011?
CVE-2018-1999011 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1999011?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.