CVE-2019-11339

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type

GIT

Repo

https://git.ffmpeg.org/ffmpeg.git

Events

Introduced

ace829cb45cff530b8a0aed6adf18f329d7a98f6

Fixed

ee66e04bc9dbbcf95114a103f174ed54b2260758

Introduced

3c1ecb057d7621e57968624aa15ad3e9efc819f7

Fixed

a7cb7a2e4314956e06a351333ff8096fab9afa7f

Database specific

{
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.0.4"
        },
        {
            "introduced": "4.1"
        },
        {
            "fixed": "4.1.2"
        }
    ]
}

Affected versions

n4.*

n4.0

n4.0.1

n4.0.2

n4.0.3

n4.1

n4.1-dev

n4.1.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11339.json"

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

ace829cb45cff530b8a0aed6adf18f329d7a98f6

Fixed

ee66e04bc9dbbcf95114a103f174ed54b2260758

Introduced

3c1ecb057d7621e57968624aa15ad3e9efc819f7

Fixed

a7cb7a2e4314956e06a351333ff8096fab9afa7f

Fixed

1f686d023b95219db933394a7704ad9aa5f01cbb

Fixed

d227ed5d598340e719eff7156b1aa0a4469e9a6a

Database specific

{
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.0.4"
        },
        {
            "introduced": "4.1"
        },
        {
            "fixed": "4.1.2"
        }
    ]
}

Affected versions

n4.*

n4.0

n4.0.1

n4.0.2

n4.0.3

n4.1

n4.1-dev

n4.1.1

n4.2-dev

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11339.json"