PT-2018-2801 · FFmpeg+2 · Ffmpeg+2
Paul Ch · Published 2018-07-21 · Updated 2026-02-06 · CVE-2018-1999011
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FFmpeg versions prior to commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869
Description
The issue is a heap buffer overflow that an attacker can exploit to cause a denial of service or execute arbitrary code using a specially crafted file or stream. The vulnerability is located in the asf_o format demuxer and results in a heap-buffer-overflow that may lead to remote code execution. It is triggered by providing a specially crafted ASF file as input to FFmpeg.
Recommendations
For FFmpeg versions prior to commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869, update to a version that includes the fix, that is, commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 or later. As a temporary workaround, consider restricting the use of the asf_o format demuxer to minimize the risk of exploitation. Until the issue is resolved, avoid processing ASF files that could be specially crafted to trigger the buffer overflow.
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Ffmpeg
Suse