CVE-2018-1999014

NameCVE-2018-1999014
DescriptionFFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ffmpeg (PTS)stretch (security), stretch7:3.2.12-1~deb9u1fixed
buster, sid7:4.0.3-1fixed
libav (PTS)jessie (security), jessie6:11.12-1~deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ffmpegsource(unstable)7:4.0.2-1medium
ffmpegsourcestretch(not affected)
libavsource(unstable)(unfixed)medium
libavsourcejessie(not affected)

Notes

[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
[jessie] - libav <not-affected> (Vulnerable code not present)
https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e7

Search for package or bug name: Reporting problems