ALT-PU-2019-1588-1
Closed vulnerabilities
Published: 2019-03-23
BDU:2019-03328
Уязвимость мультимедийной библиотеки FFmpeg, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-04-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11338
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0024
- openSUSE-SU-2020:0024
- 108034
- 108034
- https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
- https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
- https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b
- https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b
- [debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update
- [debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update
- 20190523 [SECURITY] [DSA 4449-1] ffmpeg security update
- 20190523 [SECURITY] [DSA 4449-1] ffmpeg security update
- USN-3967-1
- USN-3967-1
- USN-4431-1
- USN-4431-1
- DSA-4449
- DSA-4449