Vulnerability Description
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 4.0.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75Issue TrackingPatchThird Party Advisory
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2018-1999014?
CVE-2018-1999014 is a vulnerability with a CVSS score of 6.5 (MEDIUM). FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via speci...
How severe is CVE-2018-1999014?
CVE-2018-1999014 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1999014?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.