First published: Mon Oct 14 2019(Updated: )
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg FFmpeg | <2.8.16 | |
FFmpeg FFmpeg | >=3.2<3.2.15 | |
FFmpeg FFmpeg | >=3.4<3.4.7 | |
FFmpeg FFmpeg | >=4.0<4.0.5 | |
FFmpeg FFmpeg | >=4.1<4.1.5 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/ffmpeg | 7:4.3.7-0+deb11u1 7:4.3.8-0+deb11u1 7:5.1.6-0+deb12u1 7:7.1-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-17542 is a vulnerability in FFmpeg before version 4.2 that allows a heap-based buffer overflow.
CVE-2019-17542 has a severity rating of 9.8 out of 10, making it critical.
FFmpeg versions 2.8.16 to 4.1.5, as well as certain versions of Ubuntu Linux and Debian Linux, are affected by CVE-2019-17542.
To fix CVE-2019-17542, update FFmpeg to version 4.2 or later.
You can find more information about CVE-2019-17542 at the following references: [CVE Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17542), [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919), [Ubuntu Security Notices](https://ubuntu.com/security/notices/USN-4431-1).