VDB
CVE-2018-1999014
CVE-2018-1999014
PUBLISHED
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.
EPSS 0.50% · 66.3th percentile
Risk Scores
EPSS Score
0.50%
66.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | qtwebengine-opensource-src | 5.9.2+dfsg-2ubuntu1, 5.9.3+dfsg-0ubuntu1, 5.9.4+dfsg-0ubuntu1 |
| Ubuntu:24.04:LTS | qtwebengine-opensource-src | 5.15.15+dfsg-2, 5.15.15+dfsg-2ubuntu1, 5.15.16+dfsg-1 |
| Ubuntu:20.04:LTS | kino | 1.3.4+dfsg0-1build1, 0, 1.3.4+dfsg0-1 |
| Ubuntu:16.04:LTS | oxide-qt | 1.11.5-0ubuntu1, 1.18.3-0ubuntu0.16.04.1, 1.14.9-0ubuntu0.16.04.1 |
| Ubuntu:25.10 | gst-libav1.0 | 1.26.5-1, 1.26.6-1, 0 |
| Ubuntu:24.04:LTS | gst-libav1.0 | 1.22.10-1, 1.24.1-1, 1.22.8-1 |
| Ubuntu:20.04:LTS | gst-libav1.0 | 1.16.2-2, 1.16.1-1, 0 |
| Ubuntu:22.04:LTS | chromium-browser | 1:85.0.4183.83-0ubuntu2, 0, 1:85.0.4183.83-0ubuntu2.22.04.1 |
| Ubuntu:24.04:LTS | chromium-browser | *, 1:85.0.4183.83-0ubuntu3, 2:1snap1-0ubuntu1 |
| Ubuntu:25.10 | qtwebengine-opensource-src | 5.15.18+dfsg-2, *, 5.15.18+dfsg-2build1 |
| Ubuntu:18.04:LTS | kino | 1.3.4-2.3, 0, 1.3.4-2.4 |
| Ubuntu:20.04:LTS | qtwebengine-opensource-src | 5.12.5+dfsg-3ubuntu1, 5.12.4+dfsg-1ubuntu1, 0 |
| Ubuntu:22.04:LTS | kino | 0, 1.3.4+dfsg0-1.1, * |
| Ubuntu:22.04:LTS | qtwebengine-opensource-src | 5.15.8+dfsg-1, *, 0 |
| Ubuntu:18.04:LTS | gst-libav1.0 | 1.12.2-1, 1.13.91-1, 1.12.4-1 |
| Ubuntu:16.04:LTS | kino | 0, 1.3.4-2.1build2 |
| Ubuntu:16.04:LTS | gst-libav1.0 | 1.6.0-2, 0, 1.6.0-1 |
| Ubuntu:22.04:LTS | gst-libav1.0 | 0, 1.20.1-1, 1.18.5-1 |
| Ubuntu:25.10 | chromium-browser | 2:1snap1-0ubuntu3, 0 |
Exploit Intelligence
Timeline
- Jul 23, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1999014 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1999014 third-party-advisory