Unrated severityNVD Advisory· Published Mar 12, 2019· Updated Aug 4, 2024

CVE-2019-9718

Description

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpeginferred2 versions
>=3.2,<=4.1+ 1 more
- (no CPE)range: >=3.2,<=4.1
- (no CPE)range: 3.2, 4.1
osv-coords6 versions
pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1
< 3.4.2-4.27.1+ 5 more
- (no CPE)range: < 3.4.2-4.27.1
- (no CPE)range: < 3.4.2-4.27.1
- (no CPE)range: < 3.4.2-4.27.1
- (no CPE)range: < 3.4.2-4.27.1
- (no CPE)range: < 3.4.2-4.27.1
- (no CPE)range: < 3.4.2-4.27.1

Patches

Vulnerability mechanics

References

usn.ubuntu.com/3967-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4449mitrevendor-advisoryx_refsource_DEBIAN
www.securityfocus.com/bid/107382mitrevdb-entryx_refsource_BID
git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982mitrex_refsource_MISC
github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21mitrex_refsource_MISC
seclists.org/bugtraq/2019/May/60mitremailing-listx_refsource_BUGTRAQ

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000