SB2018070508 - NULL pointer dereference in ffmpeg.sourceforge.net FFmpeg

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018070508

SB2018070508 - NULL pointer dereference in ffmpeg.sourceforge.net FFmpeg

Published: July 5, 2018 Updated: July 28, 2020

Security Bulletin ID SB2018070508
Severity
Medium
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2018-13301)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. A remote attacker can perform a denial of service (DoS) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References