CVE-2019-1000016: Out-of-bounds Read
First published: Mon Feb 04 2019(Updated: )
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-1000016?
CVE-2019-1000016 has a severity level that indicates a Denial of Service vulnerability.
How do I fix CVE-2019-1000016?
To fix CVE-2019-1000016, upgrade to a version of FFmpeg that is newer than 4.1, which addresses this vulnerability.
What impact does CVE-2019-1000016 have on my system?
CVE-2019-1000016 can lead to a Denial of Service, making the system unable to process or handle requests properly.
What version of FFmpeg is affected by CVE-2019-1000016?
FFmpeg version 4.1 is specifically affected by CVE-2019-1000016.
Can CVE-2019-1000016 be exploited remotely?
Yes, CVE-2019-1000016 can be exploited by providing specially crafted AV1 files as input.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/4.1