Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1999014 (GCVE-0-2018-1999014)
Vulnerability from cvelistv5 – Published: 2018-07-23 15:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-07-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-20T00:00:00.000Z",
"datePublic": "2018-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "104896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-20T20:44:32.980405",
"DATE_REQUESTED": "2018-07-13T16:17:24",
"ID": "CVE-2018-1999014",
"REQUESTER": "paulcher@icloud.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104896"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1999014",
"datePublished": "2018-07-23T15:00:00.000Z",
"dateReserved": "2018-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.0.1\", \"matchCriteriaId\": \"9B915B68-D7F0-4B61-9DA0-000EE6AE9A51\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.\"}, {\"lang\": \"es\", \"value\": \"FFmpeg antes del commit con ID bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contiene una vulnerabilidad de acceso fuera de array en el demuxer de formato MXF que puede resultar en una denegaci\\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante un archivo MXF especialmente manipulado que debe proporcionarse como entrada. La vulnerabilidad parece haber sido solucionada en bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 y siguientes.\"}]",
"id": "CVE-2018-1999014",
"lastModified": "2024-11-21T03:57:03.190",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-07-23T15:29:00.470",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/104896\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1999014\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-23T15:29:00.470\",\"lastModified\":\"2024-11-21T03:57:03.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.\"},{\"lang\":\"es\",\"value\":\"FFmpeg antes del commit con ID bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contiene una vulnerabilidad de acceso fuera de array en el demuxer de formato MXF que puede resultar en una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante un archivo MXF especialmente manipulado que debe proporcionarse como entrada. La vulnerabilidad parece haber sido solucionada en bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 y siguientes.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.1\",\"matchCriteriaId\":\"9B915B68-D7F0-4B61-9DA0-000EE6AE9A51\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104896\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2018-1999014
Vulnerability from fkie_nvd - Published: 2018-07-23 15:29 - Updated: 2024-11-21 03:57
Severity ?
Summary
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/104896 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104896 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B915B68-D7F0-4B61-9DA0-000EE6AE9A51",
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later."
},
{
"lang": "es",
"value": "FFmpeg antes del commit con ID bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contiene una vulnerabilidad de acceso fuera de array en el demuxer de formato MXF que puede resultar en una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante un archivo MXF especialmente manipulado que debe proporcionarse como entrada. La vulnerabilidad parece haber sido solucionada en bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 y siguientes."
}
],
"id": "CVE-2018-1999014",
"lastModified": "2024-11-21T03:57:03.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-23T15:29:00.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cleanstart-2026-ez98723
Vulnerability from cleanstart
Published
2026-01-30 14:21
Modified
2026-01-29 18:58
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-EZ98723",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:21:51.714006Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EZ98723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47470"
]
}
cleanstart-2026-ps82605
Vulnerability from cleanstart
Published
2026-02-06 01:09
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PS82605",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:09:01.544353Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PS82605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
cleanstart-2026-xe32069
Vulnerability from cleanstart
Published
2026-02-06 01:10
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XE32069",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:10:32.733224Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XE32069.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
GHSA-VW6X-3GG6-QXM3
Vulnerability from github – Published: 2022-05-14 02:58 – Updated: 2022-05-14 02:58
VLAI?
Details
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-1999014"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-23T15:29:00Z",
"severity": "MODERATE"
},
"details": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.",
"id": "GHSA-vw6x-3gg6-qxm3",
"modified": "2022-05-14T02:58:57Z",
"published": "2022-05-14T02:58:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-1999014
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1999014",
"description": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.",
"id": "GSD-2018-1999014",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1999014.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1999014"
],
"details": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.",
"id": "GSD-2018-1999014",
"modified": "2023-12-13T01:22:43.775595Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-20T20:44:32.980405",
"DATE_REQUESTED": "2018-07-13T16:17:24",
"ID": "CVE-2018-1999014",
"REQUESTER": "paulcher@icloud.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104896"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1999014"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
},
{
"name": "104896",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104896"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-09-19T17:56Z",
"publishedDate": "2018-07-23T15:29Z"
}
}
}
BDU:2024-09056
Vulnerability from fstec - Published: 05.07.2018
VLAI Severity ?
Title
Уязвимость мультимедийной библиотеки FFmpeg, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость мультимедийной библиотеки FFmpeg связана с чтением за допустимыми границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально созданного MXF файла
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», FFmpeg team
Software Name
Debian GNU/Linux, Astra Linux Common Edition (запись в едином реестре российских программ №4433), FFmpeg
Software Version
11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Common Edition), до 4.0.1 включительно (FFmpeg)
Possible Mitigations
Для FFmpeg:
использование рекомендаций производителя: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2018-1999014
Для ОС Astra Linux:
обновить пакет ffmpeg до 7:3.2.19-0+deb9u3+ci3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
Reference
https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75
https://nvd.nist.gov/vuln/detail/CVE-2018-1999014
https://security-tracker.debian.org/tracker/CVE-2018-1999014
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, FFmpeg team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), \u0434\u043e 4.0.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FFmpeg)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f FFmpeg:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2018-1999014\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:3.2.19-0+deb9u3+ci3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.07.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.11.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09056",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1999014",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), FFmpeg",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e MXF \u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1999014\nhttps://security-tracker.debian.org/tracker/CVE-2018-1999014\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CNVD-2019-02945
Vulnerability from cnvd - Published: 2019-01-25
VLAI Severity ?
Title
FFmpeg MXF format demuxer越界访问漏洞
Description
FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。MXF format demuxer是其中的一个视、音频分离器。
FFmpeg commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75之前版本中的MXF format demuxer存在数组越界访问漏洞。攻击者可借助特制的MXF文件利用该漏洞造成拒绝服务。
Severity
中
Patch Name
FFmpeg MXF format demuxer越界访问漏洞的补丁
Patch Description
FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。MXF format demuxer是其中的一个视、音频分离器。
FFmpeg commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75之前版本中的MXF format demuxer存在数组越界访问漏洞。攻击者可借助特制的MXF文件利用该漏洞造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-1999014
Impacted products
| Name | FFmpeg Ffmpeg <commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 |
|---|
{
"bids": {
"bid": {
"bidNumber": "104896"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-1999014"
}
},
"description": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002MXF format demuxer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u89c6\u3001\u97f3\u9891\u5206\u79bb\u5668\u3002\n\nFFmpeg commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\u4e4b\u524d\u7248\u672c\u4e2d\u7684MXF format demuxer\u5b58\u5728\u6570\u7ec4\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684MXF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Paul Ch",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-02945",
"openTime": "2019-01-25",
"patchDescription": "FFmpeg\u662fFFmpeg\u56e2\u961f\u7684\u4e00\u5957\u53ef\u5f55\u5236\u3001\u8f6c\u6362\u4ee5\u53ca\u6d41\u5316\u97f3\u89c6\u9891\u7684\u5b8c\u6574\u89e3\u51b3\u65b9\u6848\u3002MXF format demuxer\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u89c6\u3001\u97f3\u9891\u5206\u79bb\u5668\u3002\r\n\r\nFFmpeg commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75\u4e4b\u524d\u7248\u672c\u4e2d\u7684MXF format demuxer\u5b58\u5728\u6570\u7ec4\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684MXF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "FFmpeg MXF format demuxer\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "FFmpeg Ffmpeg \u003ccommit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014",
"serverity": "\u4e2d",
"submitTime": "2018-07-24",
"title": "FFmpeg MXF format demuxer\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…