Vulnetix
Try Vulnetix Request Demo
CVE-2018-1999014 PUBLISHED

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

EPSS 0.44% · 63.0th percentile

Risk Scores

EPSS Score
0.44%
63.0th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSqtwebengine-opensource-src5.9.1+dfsg-4ubuntu1, 0, 5.9.1+dfsg-4
Ubuntu:24.04:LTSqtwebengine-opensource-src5.15.16+dfsg-3, 5.15.15+dfsg-2build2, 5.15.15+dfsg-2
Ubuntu:20.04:LTSkino0, 1.3.4+dfsg0-1build1, 1.3.4+dfsg0-1
Ubuntu:16.04:LTSoxide-qt1.18.5-0ubuntu0.16.04.1, 1.19.4-0ubuntu0.16.04.1, 1.20.4-0ubuntu0.16.04.1
Ubuntu:25.10gst-libav1.01.26.4-1, 1.26.6-1, 0
Ubuntu:24.04:LTSgst-libav1.01.24.1-1, 1.22.8-1, 1.22.7-1
Ubuntu:20.04:LTSgst-libav1.00, 1.16.1-1, 1.16.2-1
Ubuntu:22.04:LTSchromium-browser1:85.0.4183.83-0ubuntu2.22.04.1, 0, 1:85.0.4183.83-0ubuntu2
Ubuntu:24.04:LTSchromium-browser2:1snap1-0ubuntu1, 0, 1:85.0.4183.83-0ubuntu3
Ubuntu:25.10qtwebengine-opensource-src5.15.18+dfsg-2build1, 0, 5.15.19+dfsg2-1
Ubuntu:18.04:LTSkino1.3.4-2.3, 1.3.4-2.4, 0
Ubuntu:20.04:LTSqtwebengine-opensource-src5.12.4+dfsg-1ubuntu1, 5.12.5+dfsg-7, 5.12.5+dfsg-7build1
Ubuntu:22.04:LTSkino1.3.4+dfsg0-1.1, 1.3.4+dfsg0-1build2, 0
Ubuntu:22.04:LTSqtwebengine-opensource-src5.15.8+dfsg-1, 5.15.8+dfsg-1build1, 5.15.8+dfsg-1build2
Ubuntu:18.04:LTSgst-libav1.00, 1.14.5-0ubuntu1~18.04.1, 1.14.4-0ubuntu1~ubuntu18.04.1
Ubuntu:16.04:LTSkino0, 1.3.4-2.1build2
Ubuntu:16.04:LTSgst-libav1.01.8.3-1ubuntu0.1, 1.8.2-1~ubuntu1, 1.8.1-1~ubuntu1
Ubuntu:22.04:LTSgst-libav1.01.20.1-1, 1.20.0-1, 0
Ubuntu:25.10chromium-browser0, 2:1snap1-0ubuntu3

Timeline

References

Open in Interactive Console →