High severity8.1NVD Advisory· Published Jul 5, 2018· Updated Jun 17, 2026
CVE-2018-13305
CVE-2018-13305
Description
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords8 versionspkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2012%20SP2pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015
< 4.2.1-bp151.5.3.1+ 7 more
- (no CPE)range: < 4.2.1-bp151.5.3.1
- (no CPE)range: < 4.4-5.2
- (no CPE)range: < 4.2.1-bp151.5.3.1
- (no CPE)range: < 4.2.1-bp151.5.3.1
- (no CPE)range: < 4.2.1-bp151.5.3.1
- (no CPE)range: < 3.4.2-4.12.4
- (no CPE)range: < 3.4.2-4.12.4
- (no CPE)range: < 3.4.2-4.12.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.