In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107382 | Broken Link |
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 | Patch Third Party Advisory |
https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21 | Patch Third Party Advisory |
https://seclists.org/bugtraq/2019/May/60 | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3967-1/ | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4449 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian debian Linux
Canonical ubuntu Linux Debian Canonical |
|
CPE | cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* |
|
References | (UBUNTU) https://usn.ubuntu.com/3967-1/ - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/May/60 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21 - Patch, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/107382 - Broken Link | |
References | (DEBIAN) https://www.debian.org/security/2019/dsa-4449 - Third Party Advisory |
04 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
Information
Published : 2019-03-12 09:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-9718
Mitre link : CVE-2019-9718
CVE.ORG link : CVE-2019-9718
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
ffmpeg
- ffmpeg
CWE
CWE-125
Out-of-bounds Read