First published: Mon Oct 14 2019
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg FFmpeg | <3.4.7 | |
FFmpeg FFmpeg | >=4.0, <4.0.5 | |
FFmpeg FFmpeg | >=4.1, <4.1.5 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
debian/ffmpeg | 7:4.3.7-0+deb11u1 7:4.3.8-0+deb11u1 7:5.1.6-0+deb12u1 7:7.1-3 |
CVE-2019-17539 is a vulnerability in FFmpeg before 4.2 that allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.
CVE-2019-17539 has a severity rating of 9.8 (Critical).
The affected software versions include FFmpeg before 3.4.7, 4.0.x before 4.0.5, and 4.1.x before 4.1.5, as well as Debian Linux 9.0 and 10.0, and Canonical Ubuntu Linux 16.04, 18.04, and 20.04.
To fix CVE-2019-17539, update to FFmpeg version 4.2 or higher and apply the available patches provided by your operating system vendor.
You can find more information about CVE-2019-17539 on the CVE Mitre website, the Chromium OSS-Fuzz bug tracker, and the Ubuntu Security Notices website.
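The defect class described above, a call through an optional `close` function pointer that was never checked, shown beside its checked form. This is an added example, not FFmpeg's code: `ModelCodec`, `open_unchecked` and `open_checked` are hypothetical names, and placing the call on an init-failure cleanup path is an assumption made for the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not FFmpeg's real structures. */
typedef struct ModelCodec {
    int (*init)(void *priv);   /* optional */
    int (*close)(void *priv);  /* optional: NULL when nothing needs releasing */
} ModelCodec;

static int close_calls;  /* counts cleanup invocations for the demo */

static int init_fail(void *priv) { (void)priv; return -1; }
static int close_ok(void *priv)  { (void)priv; close_calls++; return 0; }

/* Unchecked variant: the failure path calls close unconditionally.
 * With close == NULL this is a call through a NULL pointer. */
int open_unchecked(const ModelCodec *c, void *priv)
{
    int ret = c->init ? c->init(priv) : 0;
    if (ret < 0) {
        c->close(priv);
        return ret;
    }
    return 0;
}

/* Checked variant: close is treated as optional before it is called. */
int open_checked(const ModelCodec *c, void *priv)
{
    int ret = c->init ? c->init(priv) : 0;
    if (ret < 0) {
        if (c->close)
            c->close(priv);
        return ret;
    }
    return 0;
}

int main(void)
{
    ModelCodec no_close   = { init_fail, NULL };      /* constructed sample codecs */
    ModelCodec with_close = { init_fail, close_ok };
    int r1 = open_checked(&no_close, NULL);
    int r2 = open_checked(&with_close, NULL);
    printf("no close: ret=%d; with close: ret=%d, close calls=%d\n",
           r1, r2, close_calls);
    return 0;
}
```

`main` exercises only the checked variant; passing `no_close` to `open_unchecked` is the crashing case and is left uncalled.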