6.5

CVE-2018-14395

libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version9.0
FfmpegFfmpeg Version3.2
FfmpegFfmpeg Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.04% 0.786
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-369 Divide By Zero

The product divides a value by zero.

http://www.securitytracker.com/id/1041394
Third Party Advisory
VDB Entry
https://github.com/FFmpeg/FFmpeg/commit/2c0e98a0b478284bdff6d7a4062522605a8beae5
Patch
Third Party Advisory
https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
Patch
Third Party Advisory
https://www.debian.org/security/2018/dsa-4258
Third Party Advisory