Unrated severity · OSV Advisory · Published Apr 18, 2019 · Updated Aug 4, 2024
CVE-2019-11338
Description
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Affected products (7)
- osv-coords, 5 versions:
  - pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2012%20SP2
  - pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015%20SP1
  - < 4.2.1-bp151.5.3.1 (+ 4 more)
- (no CPE) range: < 4.2.1-bp151.5.3.1
- (no CPE) range: < 4.4-5.2
- (no CPE) range: < 4.2.1-bp151.5.3.1
- (no CPE) range: < 4.2.1-bp151.5.3.1
- (no CPE) range: < 4.2.1-bp151.5.3.1
References (9)
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/3967-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4431-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4449 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/108034 (mitre, vdb-entry, x_refsource_BID)
- github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e (mitre, x_refsource_MISC)
- github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/05/msg00043.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/May/60 (mitre, mailing-list, x_refsource_BUGTRAQ)