PT-2019-15281 · Nextcloud+1 · Video Converter+1

Xkill

Publicado

2019-10-19

Atualizado

2019-10-22

CVE-2019-18214

CVSS v3.1

7.7

Alta

Vetor

AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions Video Converter app version 0.1.0 for Nextcloud

Description The issue allows for denial of service through CPU and memory consumption by initiating multiple concurrent conversions. This happens because the workload is not queued for serial execution, potentially leading to many FFmpeg processes running simultaneously.

Recommendations For Video Converter app version 0.1.0, consider restricting concurrent conversions to prevent excessive CPU and memory consumption until a fix is available. As a temporary workaround, limiting the number of simultaneous FFmpeg processes may help mitigate the risk of denial of service.

Exploit

Correção

Missing Release of Resource after Effective Lifetime

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772

Identificadores relacionados

CVE-2019-18214

Produtos afetados

Ffmpeg

Video Converter

PT-2019-15281 · Nextcloud+1 · Video Converter+1

CVE-2019-18214

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3