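libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. The Vanir signatures below (CVE-2019-11338) all target libavcodec/hevcdec.c: the function-level hashes cover decode_nal_unit and hls_slice_header, the line-level hashes apply to the file with a match threshold of 0.9, and each signature cites one of two upstream FFmpeg commits as its source.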
{ "vanir_signatures": [ { "target": { "function": "decode_nal_unit", "file": "libavcodec/hevcdec.c" }, "digest": { "length": 3748.0, "function_hash": "45059981939637157877700820184160513142" }, "signature_version": "v1", "id": "CVE-2019-11338-27b24530", "source": "https://github.com/ffmpeg/ffmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b", "signature_type": "Function", "deprecated": false }, { "target": { "file": "libavcodec/hevcdec.c" }, "digest": { "line_hashes": [ "167280379000740045495955150237615756625", "217014810008278832315784870144539884880", "275342592106358026505968957521723311896", "93282334362186985464861588891659759283", "20102417044240740358849022761902872871", "315077692536051889598880836078603069425", "70136499457010029194053811280640163862", "143535213550679828004584463617263301076", "128790428654206636083008055072316941250", "317589072920574188696555524382694908121", "230507251567370162258824489236627234082", "326752629143355640910394448450558654154", "272291046614698887552076985666997168650", "184162110970024235939528314086827681328", "138312105946242993354180976917596471857" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2019-11338-2ff1770d", "source": "https://github.com/ffmpeg/ffmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e", "signature_type": "Line", "deprecated": false }, { "target": { "function": "hls_slice_header", "file": "libavcodec/hevcdec.c" }, "digest": { "length": 14167.0, "function_hash": "331539604942389623747355164843225661104" }, "signature_version": "v1", "id": "CVE-2019-11338-50b395ac", "source": "https://github.com/ffmpeg/ffmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b", "signature_type": "Function", "deprecated": false }, { "target": { "function": "decode_nal_unit", "file": "libavcodec/hevcdec.c" }, "digest": { "length": 5011.0, "function_hash": "267982237115177009869281056395071073673" }, "signature_version": "v1", "id": "CVE-2019-11338-57cefee5", "source": 
"https://github.com/ffmpeg/ffmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e", "signature_type": "Function", "deprecated": false }, { "target": { "function": "hls_slice_header", "file": "libavcodec/hevcdec.c" }, "digest": { "length": 14204.0, "function_hash": "79026117247124224733924662327854734242" }, "signature_version": "v1", "id": "CVE-2019-11338-70732dfc", "source": "https://github.com/ffmpeg/ffmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "libavcodec/hevcdec.c" }, "digest": { "line_hashes": [ "167280379000740045495955150237615756625", "217014810008278832315784870144539884880", "275342592106358026505968957521723311896", "93282334362186985464861588891659759283", "20102417044240740358849022761902872871", "247604245573560918611417214280701552476", "203456488689133841884968569597706019293", "226504480904387125210540704722477978516", "230507251567370162258824489236627234082", "326752629143355640910394448450558654154", "272291046614698887552076985666997168650", "184162110970024235939528314086827681328", "138312105946242993354180976917596471857" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2019-11338-f5c87da6", "source": "https://github.com/ffmpeg/ffmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b", "signature_type": "Line", "deprecated": false } ] }