PT-2018-3997 · FFmpeg+2 · Ffmpeg+2

Paul Ch

Publicado

2018-07-05

Atualizado

2026-02-06

CVE-2018-1999013

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to commit a7e032a277452366771951e29fd0bf2bd5c029f0

Description The issue is related to a use-after-free vulnerability in the realmedia demuxer of the FFmpeg multimedia library. This vulnerability can be exploited by a remote attacker using a specially crafted RM file, potentially allowing access to confidential data by reading heap memory.

Recommendations For versions prior to commit a7e032a277452366771951e29fd0bf2bd5c029f0, update to a version that includes the fix, such as commit a7e032a277452366771951e29fd0bf2bd5c029f0 or later. As a temporary workaround, consider avoiding the use of specially crafted RM files or restricting access to the realmedia demuxer until a patch is applied.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-2047

BDU:2024-09057

CLEANSTART-2026-EZ98723

CLEANSTART-2026-PS82605

CLEANSTART-2026-XE32069

CVE-2018-1999013

DSA-4249-1

SUSE-SU-2018:2305-1

Produtos afetados

Alt Linux

Ffmpeg

Suse

PT-2018-3997 · FFmpeg+2 · Ffmpeg+2

CVE-2018-1999013

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 149