An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
References
Link | Resource |
---|---|
https://github.com/FFmpeg/FFmpeg/commit/6bbef938839adc55e8e048bc9cc2e0fafe2064df | Patch Third Party Advisory |
https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8 | Issue Tracking Patch Third Party Advisory |
https://www.debian.org/security/2018/dsa-4249 | Third Party Advisory |
Configurations
History
05 Feb 2021, 21:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ffmpeg:ffmpeg:2.8:*:*:*:*:*:*:* | |
References | (CONFIRM) https://github.com/FFmpeg/FFmpeg/commit/6bbef938839adc55e8e048bc9cc2e0fafe2064df - Patch, Third Party Advisory |
05 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. |
Information
Published : 2018-06-15 15:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-12458
Mitre link : CVE-2018-12458
CVE.ORG link : CVE-2018-12458
JSON object : View
Products Affected
debian
- debian_linux
ffmpeg
- ffmpeg
CWE
CWE-20
Improper Input Validation