What is the severity of CVE-2018-14395?

CVE-2018-14395 has a severity level classified as high due to its potential to cause a denial of service through a divide-by-zero error.

How do I fix CVE-2018-14395?

You can fix CVE-2018-14395 by upgrading to the patched versions of FFmpeg, specifically versions 4.1.9, 4.1.11, 4.3.6, 5.1.3, or 6.0.

What vulnerabilities does CVE-2018-14395 exploit?

CVE-2018-14395 exploits a flaw in the movenc.c file of FFmpeg that allows an attacker to cause an application crash.

Which versions of FFmpeg are affected by CVE-2018-14395?

FFmpeg versions 3.2 and 4.0.2 are affected by CVE-2018-14395 and should be updated immediately.

Can CVE-2018-14395 be triggered remotely?

Yes, CVE-2018-14395 can be triggered remotely by an attacker using a specially crafted audio file.

Vulnerability/
CVE-2018-14395

medium

6.5

CWE

369

19/7/2018

5/8/2024

CVE-2018-14395: Divide by Zero

First published: Thu Jul 19 2018(Updated: )

libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/ffmpeg		7:4.1.9-0+deb10u1 7:4.1.11-0+deb10u1 7:4.3.6-0+deb11u1 7:5.1.3-1 7:6.0-7
Debian GNU/Linux	=9.0
FFmpeg	=3.2
FFmpeg	=4.0

Remedy

https://github.com/FFmpeg/FFmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5

Remedy

https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-14395?
CVE-2018-14395 has a severity level classified as high due to its potential to cause a denial of service through a divide-by-zero error.
How do I fix CVE-2018-14395?
You can fix CVE-2018-14395 by upgrading to the patched versions of FFmpeg, specifically versions 4.1.9, 4.1.11, 4.3.6, 5.1.3, or 6.0.
What vulnerabilities does CVE-2018-14395 exploit?
CVE-2018-14395 exploits a flaw in the movenc.c file of FFmpeg that allows an attacker to cause an application crash.
Which versions of FFmpeg are affected by CVE-2018-14395?
FFmpeg versions 3.2 and 4.0.2 are affected by CVE-2018-14395 and should be updated immediately.
Can CVE-2018-14395 be triggered remotely?
Yes, CVE-2018-14395 can be triggered remotely by an attacker using a specially crafted audio file.

collector/security-tracker-debian
agent/type
agent/remedy
agent/references
agent/severity
agent/author
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/9.0
vendor/ffmpeg
canonical/ffmpeg
version/ffmpeg/3.2
version/ffmpeg/4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.