Vulnerability Description
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 4.0.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32aIssue TrackingPatchThird Party Advisory
- http://www.securityfocus.com/bid/104896Third Party AdvisoryVDB Entry
- https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32aIssue TrackingPatchThird Party Advisory
FAQ
What is CVE-2018-1999015?
CVE-2018-1999015 is a vulnerability with a CVSS score of 6.5 (MEDIUM). FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be explo...
How severe is CVE-2018-1999015?
CVE-2018-1999015 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1999015?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.