CVE-2018-6621

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type: GIT
Repo: https://git.ffmpeg.org/ffmpeg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

118e1b0b3370dd1c0da442901b486689efd1654b

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22aa37c0fedf14531783189a197542a055959b6c

Affected versions

Other

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2

n3.2-dev

n3.2.1

n3.2.10

n3.2.2

n3.2.3

n3.2.4

n3.2.5

n3.2.6

n3.2.7

n3.2.8

n3.2.9

n3.3-dev

n3.4-dev

n3.5-dev

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2018-6621-04420188",
            "digest": {
                "length": 6485.0,
                "function_hash": "118628482742309640807246975102458427469"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "libavcodec/utvideodec.c",
                "function": "decode_frame"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c"
        }
    ]
}