Main Vulnerability Database Vulnerabilities #VU32010

Out-of-bounds read in FFmpeg - CVE-2018-1999015

Published: July 23, 2018 / Updated: July 28, 2020

Vulnerability identifier: #VU32010

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-1999015

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ffmpeg.sourceforge.net

Affected software:
FFmpeg

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.

How to mitigate CVE-2018-1999015

Install update from vendor's website.

Out-of-bounds read in FFmpeg - CVE-2018-1999015

Detailed vulnerability description

How to mitigate CVE-2018-1999015

Sources

Please verify you're human