CVE-2019-9718

Published: Mar 12, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982

x_refsource_MISC

107382

vdb-entry

x_refsource_BID

USN-3967-1

vendor-advisory

x_refsource_UBUNTU

20190523 [SECURITY] [DSA 4449-1] ffmpeg security update

mailing-list

x_refsource_BUGTRAQ

DSA-4449

vendor-advisory

x_refsource_DEBIAN

https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-9718

Description

Affected Products

References