High severity8.8NVD Advisory· Published Jul 23, 2018· Updated Jun 17, 2026

CVE-2018-1999011

Description

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpegllm-fuzzy
Range: < commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
osv-coords2 versions
pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015
< 3.4.2-4.5.1+ 1 more
- (no CPE)range: < 3.4.2-4.5.1
- (no CPE)range: < 3.4.2-4.5.1

Patches

Vulnerability mechanics

References

github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a582869nvdIssue TrackingPatchThird Party Advisory
www.securityfocus.com/bid/104896nvdThird Party AdvisoryVDB Entry
seclists.org/bugtraq/2019/May/60nvd
www.debian.org/security/2019/dsa-4449nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000