Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1999015 (GCVE-0-2018-1999015)
Vulnerability from cvelistv5 – Published: 2018-07-23 15:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-07-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-20T00:00:00.000Z",
"datePublic": "2018-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "104896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-20T20:44:32.981391",
"DATE_REQUESTED": "2018-07-13T16:19:44",
"ID": "CVE-2018-1999015",
"REQUESTER": "paulcher@icloud.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104896"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1999015",
"datePublished": "2018-07-23T15:00:00.000Z",
"dateReserved": "2018-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.0.1\", \"matchCriteriaId\": \"9B915B68-D7F0-4B61-9DA0-000EE6AE9A51\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.\"}, {\"lang\": \"es\", \"value\": \"FFmpeg antes del commit con ID 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contiene una vulnerabilidad de lectura fuera de array en el demuxer de formato ASF_F que puede resultar en la lecturade la memoria din\\u00e1mica (heap). Este ataque parece ser explotable mediante un archivo ASF especialmente manipulado que debe proporcionarse como entrada. La vulnerabilidad parece haber sido solucionada en 5aba5b89d0b1d73164d3b81764828bb8b20ff32a y siguientes.\"}]",
"id": "CVE-2018-1999015",
"lastModified": "2024-11-21T03:57:03.340",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-07-23T15:29:00.503",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/104896\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1999015\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-23T15:29:00.503\",\"lastModified\":\"2024-11-21T03:57:03.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.\"},{\"lang\":\"es\",\"value\":\"FFmpeg antes del commit con ID 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contiene una vulnerabilidad de lectura fuera de array en el demuxer de formato ASF_F que puede resultar en la lecturade la memoria din\u00e1mica (heap). Este ataque parece ser explotable mediante un archivo ASF especialmente manipulado que debe proporcionarse como entrada. La vulnerabilidad parece haber sido solucionada en 5aba5b89d0b1d73164d3b81764828bb8b20ff32a y siguientes.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.1\",\"matchCriteriaId\":\"9B915B68-D7F0-4B61-9DA0-000EE6AE9A51\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104896\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
BDU:2024-09055
Vulnerability from fstec - Published: 05.07.2018
VLAI Severity ?
Title
Уязвимость компонента demuxer мультимедийной библиотеки FFmpeg, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость компонента demuxer мультимедийной библиотеки FFmpeg связана с чтением за допустимыми границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным с помощью специально созданного ASF файла
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», FFmpeg team
Software Name
Debian GNU/Linux, Astra Linux Common Edition (запись в едином реестре российских программ №4433), FFmpeg
Software Version
11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Common Edition), до 4.0.1 включительно (FFmpeg)
Possible Mitigations
Для FFmpeg:
использование рекомендаций производителя: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2018-1999015
Для ОС Astra Linux:
обновить пакет ffmpeg до 7:3.2.19-0+deb9u3+ci3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
Reference
http://www.securityfocus.com/bid/104896
https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32
https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a
https://nvd.nist.gov/vuln/detail/CVE-2018-1999015
https://security-tracker.debian.org/tracker/CVE-2018-1999015
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, FFmpeg team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), \u0434\u043e 4.0.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FFmpeg)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f FFmpeg:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2018-1999015\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:3.2.19-0+deb9u3+ci3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.07.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.11.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09055",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1999015",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), FFmpeg",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 demuxer \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 demuxer \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e ASF \u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.securityfocus.com/bid/104896\nhttps://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32\nhttps://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1999015\nhttps://security-tracker.debian.org/tracker/CVE-2018-1999015\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CNVD-2019-02930
Vulnerability from cnvd - Published: 2019-01-25
VLAI Severity ?
Title
FFmpeg ASF_F format demuxer数组越界读取漏洞
Description
FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。ASF_F format demuxer是其中的一个视、音频分离器。
FFmpeg commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a之前版本中的ASF_F format demuxer数组存在越界读取漏洞。攻击者可借助特制的ASF文件利用该漏洞读取堆内存。
Severity
中
Patch Name
FFmpeg ASF_F format demuxer数组越界读取漏洞的补丁
Patch Description
FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。ASF_F format demuxer是其中的一个视、音频分离器。
FFmpeg commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a之前版本中的ASF_F format demuxer数组存在越界读取漏洞。攻击者可借助特制的ASF文件利用该漏洞读取堆内存。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-1999015
Impacted products
| Name | FFmpeg Ffmpeg <commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a |
|---|
{
"bids": {
"bid": {
"bidNumber": "104896"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-1999015"
}
},
"description": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002ASF_F format demuxer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u89c6\u3001\u97f3\u9891\u5206\u79bb\u5668\u3002\n\nFFmpeg commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a\u4e4b\u524d\u7248\u672c\u4e2d\u7684ASF_F format demuxer\u6570\u7ec4\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684ASF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u5806\u5185\u5b58\u3002",
"discovererName": "Paul Ch",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-02930",
"openTime": "2019-01-25",
"patchDescription": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002ASF_F format demuxer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u89c6\u3001\u97f3\u9891\u5206\u79bb\u5668\u3002\r\n\r\nFFmpeg commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a\u4e4b\u524d\u7248\u672c\u4e2d\u7684ASF_F format demuxer\u6570\u7ec4\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684ASF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u5806\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "FFmpeg ASF_F format demuxer\u6570\u7ec4\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "FFmpeg Ffmpeg \u003ccommit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015",
"serverity": "\u4e2d",
"submitTime": "2018-07-24",
"title": "FFmpeg ASF_F format demuxer\u6570\u7ec4\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}
cleanstart-2026-xe32069
Vulnerability from cleanstart
Published
2026-02-06 01:10
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XE32069",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:10:32.733224Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XE32069.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
cleanstart-2026-ps82605
Vulnerability from cleanstart
Published
2026-02-06 01:09
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PS82605",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:09:01.544353Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PS82605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
cleanstart-2026-ez98723
Vulnerability from cleanstart
Published
2026-01-30 14:21
Modified
2026-01-29 18:58
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-EZ98723",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:21:51.714006Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EZ98723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47470"
]
}
GSD-2018-1999015
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1999015",
"description": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.",
"id": "GSD-2018-1999015",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1999015.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1999015"
],
"details": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.",
"id": "GSD-2018-1999015",
"modified": "2023-12-13T01:22:43.749166Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-20T20:44:32.981391",
"DATE_REQUESTED": "2018-07-13T16:19:44",
"ID": "CVE-2018-1999015",
"REQUESTER": "paulcher@icloud.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104896"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1999015"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
},
{
"name": "104896",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104896"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-09-20T16:22Z",
"publishedDate": "2018-07-23T15:29Z"
}
}
}
FKIE_CVE-2018-1999015
Vulnerability from fkie_nvd - Published: 2018-07-23 15:29 - Updated: 2024-11-21 03:57
Severity ?
Summary
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/104896 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104896 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B915B68-D7F0-4B61-9DA0-000EE6AE9A51",
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later."
},
{
"lang": "es",
"value": "FFmpeg antes del commit con ID 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contiene una vulnerabilidad de lectura fuera de array en el demuxer de formato ASF_F que puede resultar en la lecturade la memoria din\u00e1mica (heap). Este ataque parece ser explotable mediante un archivo ASF especialmente manipulado que debe proporcionarse como entrada. La vulnerabilidad parece haber sido solucionada en 5aba5b89d0b1d73164d3b81764828bb8b20ff32a y siguientes."
}
],
"id": "CVE-2018-1999015",
"lastModified": "2024-11-21T03:57:03.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-23T15:29:00.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-W6MF-F4JP-73HM
Vulnerability from github – Published: 2022-05-14 02:58 – Updated: 2022-05-14 02:58
VLAI?
Details
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-1999015"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-23T15:29:00Z",
"severity": "MODERATE"
},
"details": "FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.",
"id": "GHSA-w6mf-f4jp-73hm",
"modified": "2022-05-14T02:58:51Z",
"published": "2022-05-14T02:58:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…