Main Vulnerability Database SB2019081686

SB2019081686 - Out-of-bounds read in ffmpeg (Alpine package)

Published: August 16, 2019

Security Bulletin ID SB2019081686

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2018-1999015)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=d8d38dabc6e30c901eb6bd6627d8337849d7c041
https://git.alpinelinux.org/aports/commit/?id=cf78a820406ae4481e937bc2fba252ff79c89a09
https://git.alpinelinux.org/aports/commit/?id=859fd99d06049c009c8b745626511cd681061a99