Vulnerability Description
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 4.0.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0Issue TrackingPatchThird Party Advisory
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2018-1999013?
CVE-2018-1999013 is a vulnerability with a CVSS score of 6.5 (MEDIUM). FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. Thi...
How severe is CVE-2018-1999013?
CVE-2018-1999013 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1999013?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.