Vulnerabilities > CVE-2018-13302 - Improper Validation of Array Index vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
ffmpeg
debian
CWE-129
nessus

Summary

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

Vulnerable Configurations

Part Description Count
Application
Ffmpeg
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4249.NASL
    descriptionSeveral vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id111141
    published2018-07-18
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111141
    titleDebian DSA-4249-1 : ffmpeg - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2305-1.NASL
    descriptionThis update for ffmpeg fixes the following issues: Security issues fixed : - CVE-2018-13302: Fixed out of array access issue (bsc#1100356). - CVE-2018-1999010: Fixed multiple out of array access vulnerabilities in the mms protocol that could result in accessing out of bound data via specially crafted input files (bnc#1102899) - CVE-2018-1999011: Fixed a heap buffer overflow in asf_o format demuxer that could result in remote code execution (bnc#1102689) - CVE-2018-1999012: Fixed an infinite loop vulnerability in pva format demuxer that could result in excessive amount of ressource allocation like CPU an RAM (CVE-2018-1999012 bnc#1102688). - CVE-2018-1999013: Fixed an use-after-free vulnerability in the realmedia demuxer that could allow remote attackers to read heap memory (bnc#1102687) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120076
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120076
    titleSUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2018:2305-1)