A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107384 | Broken Link |
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 | Mailing List Patch Third Party Advisory |
https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774 | Patch Third Party Advisory |
https://usn.ubuntu.com/3967-1/ | Third Party Advisory |
Configurations
History
07 Oct 2022, 01:57
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/107384 - Broken Link | |
References | (MISC) https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774 - Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3967-1/ - Third Party Advisory | |
CPE | cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* |
|
First Time |
Canonical ubuntu Linux
Canonical |
04 Jan 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. |
Information
Published : 2019-03-12 09:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-9721
Mitre link : CVE-2019-9721
CVE.ORG link : CVE-2019-9721
JSON object : View
Products Affected
canonical
- ubuntu_linux
ffmpeg
- ffmpeg
CWE
CWE-125
Out-of-bounds Read