CVE-2019-18214

Exploit

EPSS 1.39%
Veröffentlicht 19.10.2019 14:15:10
Zuletzt bearbeitet 21.11.2024 04:32:50
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Video Converter Project ≫ Video Converter Version0.1.0 SwPlatformnextcloud

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.39%	0.687

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C
cve@mitre.org	7.7	3.1	4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://github.com/PaulLereverend/NextcloudVideo_Converter/issues/22

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-18214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18214

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-18214