Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-11339 (GCVE-0-2019-11339)
Vulnerability from cvelistv5 – Published: 2019-04-18 23:52 – Updated: 2024-08-04 22:48
VLAI?
EPSS
Summary
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"name": "108037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108037"
},
{
"name": "USN-3967-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3967-1/"
},
{
"name": "openSUSE-SU-2020:0024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T00:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"name": "108037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108037"
},
{
"name": "USN-3967-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3967-1/"
},
{
"name": "openSUSE-SU-2020:0024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"name": "108037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108037"
},
{
"name": "USN-3967-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3967-1/"
},
{
"name": "openSUSE-SU-2020:0024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11339",
"datePublished": "2019-04-18T23:52:15.000Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:48:09.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cleanstart-2026-ps82605
Vulnerability from cleanstart
Published
2026-02-06 01:09
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PS82605",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:09:01.544353Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PS82605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
cleanstart-2026-xe32069
Vulnerability from cleanstart
Published
2026-02-06 01:10
Modified
2026-02-03 13:35
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XE32069",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T01:10:32.733224Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XE32069.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47342",
"CVE-2023-47470"
]
}
cleanstart-2026-ez98723
Vulnerability from cleanstart
Published
2026-01-30 14:21
Modified
2026-01-29 18:58
Summary
Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...
Details
Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "ffmpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-EZ98723",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:21:51.714006Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EZ98723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-47470"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14058"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12458"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12460"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13302"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13303"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13304"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14394"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14395"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11338"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17542"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20450"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22019"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22021"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22037"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22038"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22042"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35964"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30123"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38291"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3965"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47470"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...",
"upstream": [
"CVE-2017-14058",
"CVE-2017-14225",
"CVE-2018-10001",
"CVE-2018-12458",
"CVE-2018-12459",
"CVE-2018-12460",
"CVE-2018-13300",
"CVE-2018-13301",
"CVE-2018-13302",
"CVE-2018-13303",
"CVE-2018-13304",
"CVE-2018-13305",
"CVE-2018-14394",
"CVE-2018-14395",
"CVE-2018-15822",
"CVE-2018-1999010",
"CVE-2018-1999011",
"CVE-2018-1999012",
"CVE-2018-1999013",
"CVE-2018-1999014",
"CVE-2018-1999015",
"CVE-2018-6912",
"CVE-2018-7557",
"CVE-2018-7751",
"CVE-2018-7757",
"CVE-2018-9841",
"CVE-2019-1000016",
"CVE-2019-11338",
"CVE-2019-11339",
"CVE-2019-12730",
"CVE-2019-17539",
"CVE-2019-17542",
"CVE-2019-9718",
"CVE-2019-9721",
"CVE-2020-12284",
"CVE-2020-13904",
"CVE-2020-14212",
"CVE-2020-20446",
"CVE-2020-20450",
"CVE-2020-20453",
"CVE-2020-21041",
"CVE-2020-22015",
"CVE-2020-22019",
"CVE-2020-22021",
"CVE-2020-22037",
"CVE-2020-22038",
"CVE-2020-22042",
"CVE-2020-24020",
"CVE-2020-35964",
"CVE-2020-35965",
"CVE-2021-30123",
"CVE-2021-33815",
"CVE-2021-38114",
"CVE-2021-38171",
"CVE-2021-38291",
"CVE-2022-3965",
"CVE-2023-46407",
"CVE-2023-47470"
]
}
FKIE_CVE-2019-11339
Vulnerability from fkie_nvd - Published: 2019-04-19 00:29 - Updated: 2024-11-21 04:20
Severity ?
Summary
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF346BC1-AEDC-4184-8A4B-5FAFCD9EDA95",
"versionEndExcluding": "4.0.4",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E59C1111-8CA2-443D-80F0-3CFE725F54DB",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data."
},
{
"lang": "es",
"value": "Studio profile decoder en libavcodec/mpeg4videodec.c en FFmpeg versiones 4.0 anteriores a 4.0.4 y 4.1 anteriores a 4.1.2 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (out-of-array access) o posiblemente tener otro impacto no especificado a trav\u00e9s de datos de v\u00eddeo MPEG-4 creados."
}
],
"id": "CVE-2019-11339",
"lastModified": "2024-11-21T04:20:54.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-19T00:29:00.293",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108037"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3967-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3967-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2019-11339
Vulnerability from gsd - Updated: 2023-12-13 01:24Details
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-11339",
"description": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.",
"id": "GSD-2019-11339",
"references": [
"https://www.suse.com/security/cve/CVE-2019-11339.html",
"https://ubuntu.com/security/CVE-2019-11339"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-11339"
],
"details": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.",
"id": "GSD-2019-11339",
"modified": "2023-12-13T01:24:02.402113Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"name": "108037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108037"
},
{
"name": "USN-3967-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3967-1/"
},
{
"name": "openSUSE-SU-2020:0024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.4",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11339"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"name": "108037",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108037"
},
{
"name": "USN-3967-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3967-1/"
},
{
"name": "openSUSE-SU-2020:0024",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-05-06T21:29Z",
"publishedDate": "2019-04-19T00:29Z"
}
}
}
GHSA-X227-WFQ2-5JXP
Vulnerability from github – Published: 2022-05-24 16:43 – Updated: 2024-04-04 00:01
VLAI?
Details
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2019-11339"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-19T00:29:00Z",
"severity": "HIGH"
},
"details": "The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.",
"id": "GHSA-x227-wfq2-5jxp",
"modified": "2024-04-04T00:01:47Z",
"published": "2022-05-24T16:43:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11339"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3967-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108037"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2019-11339
Vulnerability from fstec - Published: 15.02.2019
VLAI Severity ?
Title
Уязвимость функции mpeg4_decode_studio_block() мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции mpeg4_decode_studio_block() мультимедийной библиотеки FFmpeg связана с чтением данных за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально созданных данных видео формата MPEG-4
Severity ?
Vendor
Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., FFmpeg team
Software Name
Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, FFmpeg
Software Version
18.04 LTS (Ubuntu), 18.10 (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 19.04 (Ubuntu), 15.1 (OpenSUSE Leap), от 4.0 до 4.0.4 (FFmpeg), от 4.1 до 4.1.2 (FFmpeg)
Possible Mitigations
Использование рекомендаций:
Для FFmpeg:
https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6
Для Ubuntu:
https://usn.ubuntu.com/3967-1/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2019-11339/
Для Astra Linux Special Edition 1.6 «Смоленск»::
обновить пакет ffmpeg до 7:3.2.19-0+deb9u3+ci3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html
http://www.securityfocus.com/bid/108037
https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
https://usn.ubuntu.com/3967-1/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., FFmpeg team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "18.04 LTS (Ubuntu), 18.10 (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 19.04 (Ubuntu), 15.1 (OpenSUSE Leap), \u043e\u0442 4.0 \u0434\u043e 4.0.4 (FFmpeg), \u043e\u0442 4.1 \u0434\u043e 4.1.2 (FFmpeg)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f FFmpeg:\nhttps://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb\nhttps://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3967-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-11339/\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:3.2.19-0+deb9u3+ci3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.02.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01557",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11339",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, FFmpeg",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 19.04 , Novell Inc. OpenSUSE Leap 15.1 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mpeg4_decode_studio_block() \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mpeg4_decode_studio_block() \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u0438\u0434\u0435\u043e \u0444\u043e\u0440\u043c\u0430\u0442\u0430 MPEG-4",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html \nhttp://www.securityfocus.com/bid/108037 \nhttps://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb \nhttps://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a \nhttps://usn.ubuntu.com/3967-1/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…