Vulnerabilities > CVE-2018-13301 - NULL Pointer Dereference vulnerability in Ffmpeg 4.0.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
ffmpeg
CWE-476
nessus

Summary

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

Vulnerable Configurations

Part Description Count
Application
Ffmpeg
1

Common Weakness Enumeration (CWE)

Nessus

NASL familySuSE Local Security Checks
NASL idSUSE_SU-2019-3184-1.NASL
descriptionThis update for ffmpeg fixes the following issues : Security issues fixed : CVE-2019-17542: Fixed a heap-buffer overflow in vqa_decode_chunk due to an out-of-array access (bsc#1154064). CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check (bsc#1137526). CVE-2019-9718: Fixed a denial of service in the subtitle decode (bsc#1129715). CVE-2018-13301: Fixed a denial of service while converting a crafted AVI file to MPEG4 (bsc#1100352). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen2020-06-01
modified2020-06-02
plugin id131756
published2019-12-06
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/131756
titleSUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2019:3184-1)