CVE-2018-1999015
First published: Mon Jul 23 2018(Updated: )
FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg | <=4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1999015?
CVE-2018-1999015 has a high severity level due to its potential for exploiting heap memory reading.
How do I fix CVE-2018-1999015?
To fix CVE-2018-1999015, upgrade FFmpeg to version 4.0.2 or later.
What type of vulnerability is CVE-2018-1999015?
CVE-2018-1999015 is classified as an out of array read vulnerability in the ASF demuxer.
What input is required to exploit CVE-2018-1999015?
Exploitation of CVE-2018-1999015 requires a specially crafted ASF file as input.
In which versions of FFmpeg does CVE-2018-1999015 exist?
CVE-2018-1999015 exists in FFmpeg versions before 4.0.2.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/4.0.1