Medium severity6.5NVD Advisory· Published Jul 23, 2018· Updated Jun 17, 2026

CVE-2018-1999012

Description

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpegllm-fuzzy
Range: < commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1
osv-coords2 versions
pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015
< 3.4.2-4.5.1+ 1 more
- (no CPE)range: < 3.4.2-4.5.1
- (no CPE)range: < 3.4.2-4.5.1

Patches

Vulnerability mechanics

References

github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e1nvdIssue TrackingPatchThird Party Advisory
www.securityfocus.com/bid/104896nvdThird Party AdvisoryVDB Entry
lists.debian.org/debian-lts-announce/2019/03/msg00041.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000