Unrated severityNVD Advisory· Published Mar 12, 2019· Updated Aug 4, 2024

CVE-2019-9721

Description

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpeginferred2 versions
>=3.2,<=4.1+ 1 more
- (no CPE)range: >=3.2,<=4.1
- (no CPE)range: =3.2, =4.1
osv-coords20 versions
pkg:rpm/opensuse/ffmpeg&distro=openSUSE%20Leap%2015.3 pkg:rpm/suse/ffmpeg&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3 pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/ffmpeg&distro=SUSE%20Manager%20Server%204.0
< 3.4.2-11.8.2+ 19 more
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-11.8.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2
- (no CPE)range: < 3.4.2-4.34.2

Patches

Vulnerability mechanics

References

usn.ubuntu.com/3967-1/mitrevendor-advisoryx_refsource_UBUNTU
www.securityfocus.com/bid/107384mitrevdb-entryx_refsource_BID
git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65mitrex_refsource_MISC
github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000