CVE-2018-19130

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Libav version 12.3

Description The issue is related to an invalid memory access in the vc1 decode frame function in libavcodec/vc1dec.c, which can be exploited by attackers to cause a denial-of-service via a crafted aac file.

Recommendations For Libav version 12.3, consider applying a patch or fix to resolve the invalid memory access issue in the vc1 decode frame function. As a temporary workaround, restrict the processing of crafted aac files to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2018-19130

DLA-2021-1

Affected Products

Libav

CVE-2018-19130

Weakness Enumeration

Related Identifiers

Affected Products

References · 21