QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11338

Published: Apr 18, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e

x_refsource_MISC

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

20190523 [SECURITY] [DSA 4449-1] ffmpeg security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update

mailing-list

x_refsource_MLIST

openSUSE-SU-2020:0024

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.