8.8

CVE-2019-11338

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version3.4
FfmpegFfmpeg Version4.1.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version20.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.35% 0.815
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/May/60
Third Party Advisory
Mailing List
https://www.debian.org/security/2019/dsa-4449
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3967-1/
Third Party Advisory
https://usn.ubuntu.com/4431-1/
Third Party Advisory
http://www.securityfocus.com/bid/108034
Broken Link
https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
Patch
Third Party Advisory
https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b
Patch
Third Party Advisory