CVE-2018-6621

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type: GIT
Repo: https://git.ffmpeg.org/ffmpeg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

118e1b0b3370dd1c0da442901b486689efd1654b

Affected versions

Other

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4-dev

n3.5-dev

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6621.json"

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22aa37c0fedf14531783189a197542a055959b6c

Affected versions

Other

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2

n3.2-dev

n3.2.1

n3.2.10

n3.2.2

n3.2.3

n3.2.4

n3.2.5

n3.2.6

n3.2.7

n3.2.8

n3.2.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6621.json"

vanir_signatures

[
    {
        "target": {
            "function": "decode_frame",
            "file": "libavcodec/utvideodec.c"
        },
        "deprecated": false,
        "id": "CVE-2018-6621-04420188",
        "digest": {
            "length": 6485.0,
            "function_hash": "118628482742309640807246975102458427469"
        },
        "signature_type": "Function",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c",
        "signature_version": "v1"
    }
]