CVE-2018-1999014

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1999014
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1999014.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1999014
Downstream
Published
2018-07-23T15:29:00Z
Modified
2025-09-19T09:38:31.132095Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e049f7c24fc6aa5fc925f860e2ad940a75cfd84f
Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75

Affected versions

Other

N

n0.*

n0.11-dev
n0.12-dev
n0.8

n1.*

n1.1-dev
n1.2-dev
n1.3-dev

n2.*

n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev

n3.*

n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev

n4.*

n4.0
n4.0.1
n4.1-dev

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2018-1999014-b19e6de2",
            "digest": {
                "length": 13420.0,
                "function_hash": "144181908302341042891722516010774926562"
            },
            "signature_version": "v1",
            "target": {
                "file": "libavformat/mxfdec.c",
                "function": "mxf_parse_structural_metadata"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
        },
        {
            "id": "CVE-2018-1999014-f08e6a83",
            "digest": {
                "line_hashes": [
                    "218508843177551802678950606852029140019",
                    "184067284626790059110779701091585287226",
                    "49445655237091058897730739550081997581",
                    "159212669980528576718296104313396899819"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "target": {
                "file": "libavformat/mxfdec.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75"
        }
    ]
}