First published: Thu Sep 19 2019(Updated: )
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libav Libav | <=12.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Libav vulnerability is CVE-2019-9717.
The severity of CVE-2019-9717 is high with a score of 6.5.
The affected software for CVE-2019-9717 is Libav version 12.3.
CVE-2019-9717 allows attackers to hog the CPU by exploiting a denial of service vulnerability in the subtitle decoder.
To fix CVE-2019-9717, it is recommended to update to a version of Libav that is not affected, if available.