Denial of service vulnerabilities in Libav
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2018-18827 CVE-2018-18826 CVE-2019-14372 CVE-2019-14371 CVE-2018-18829 CVE-2018-18828 CVE-2018-19130 CVE-2018-19129 CVE-2018-19128 CVE-2018-20001 CVE-2018-11224 |
| CWE-ID | CWE-122 CWE-835 CWE-476 CWE-125 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Libav Client/Desktop applications / Multimedia software |
| Vendor | Libav |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU15676
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18827
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in the ff_vc1_pred_dc function in vc1_block.c. A remote attacker can trick the victim into opening a specially crafted aac file, trigger memory corruption and cause the service to crash.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1135
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Heap-based buffer overflow
EUVDB-ID: #VU15677
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18826
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in the vc1_decode_p_mb_intfi function in vc1_block.c. A remote attacker can trick the victim into opening a specially crafted aac file, trigger memory corruption and cause the service to crash.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1135
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Infinite loop
EUVDB-ID: #VU19511
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-14372
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the wv_read_block_header() in the file wvdec.c. A remote attacker can consume all available system resources and trigger denial of service condition.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1165
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU19512
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-14371
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the mov_probe in the file libavformat/mov.c, related to offset and tag. A remote attacker can consume all available system resources and trigger denial of service condition.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1163
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU19513
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-18829
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. A remote attacker can perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1136
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU19514
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-18828
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in vc1_decode_i_block_adv() function in vc1_block. A remote attacker can use a crafted aac file to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1135
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU19515
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-19130
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the vc1_decode_frame() function in libavcodec/vc1dec.c. A remote attacker can create a specially crafted aac file, trigger out-of-bounds read error and crash the affected application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1139
http://exchange.xforce.ibmcloud.com/vulnerabilities/152819
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU19516
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-19129
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ff_mpa_synth_filter_float() function in libavcodec/mpegaudiodsp_template.c. A remote attacker can trigger denial of service conditions via a crafted mov file.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1138
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU19517
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-19128
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in decode_frame() function in libavcodec/lcldec.c when processing a crafted avi file. A remote attacker can perform a denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1137
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU19518
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-20001
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the range_decode_culshift function in libavcodec/apedec.c. A remote attacker can create a specially crafted file, pass it to the application and perform denial of service attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1141
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU19519
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-11224
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the in_table_init16 function in libavcodec/aacsbr.c. A remote attacker can perform denial of service attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLibav: 12.3
External linkshttp://bugzilla.libav.org/show_bug.cgi?id=1129
http://docs.google.com/document/d/16_HC-FjFuBNMbaoR397z_3EwpDP6wb1DNWrfkD4qRDE/edit
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
