Vulnerability Name: | CVE-2019-1000016 (CCN-157432) | ||||||||||||||||||||||||||||||||
Assigned: | 2018-12-02 | ||||||||||||||||||||||||||||||||
Published: | 2018-12-02 | ||||||||||||||||||||||||||||||||
Updated: | 2019-02-06 | ||||||||||||||||||||||||||||||||
Summary: | FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-129 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2019-1000016 Source: XF Type: UNKNOWN ffmpeg-cve20191000016-dos(157432) Source: CCN Type: FFmpeg GIT Repository cbs_av1: Fix reading of overlong uvlc codes Source: MISC Type: Patch, Third Party Advisory https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |