PT-2018-3997 · FFmpeg+2 · Ffmpeg+2

Paul Ch

Published

2018-07-05

Updated

2026-02-06

CVE-2018-1999013

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to commit a7e032a277452366771951e29fd0bf2bd5c029f0

Description The issue is related to a use-after-free vulnerability in the realmedia demuxer of the FFmpeg multimedia library. This vulnerability can be exploited by a remote attacker using a specially crafted RM file, potentially allowing access to confidential data by reading heap memory.

Recommendations For versions prior to commit a7e032a277452366771951e29fd0bf2bd5c029f0, update to a version that includes the fix, such as commit a7e032a277452366771951e29fd0bf2bd5c029f0 or later. As a temporary workaround, consider avoiding the use of specially crafted RM files or restricting access to the realmedia demuxer until a patch is applied.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-2047

BDU:2024-09057

CLEANSTART-2026-EZ98723

CLEANSTART-2026-PS82605

CLEANSTART-2026-XE32069

CVE-2018-1999013

DSA-4249-1

SUSE-SU-2018:2305-1

Affected Products

Alt Linux

Ffmpeg

Suse

PT-2018-3997 · FFmpeg+2 · Ffmpeg+2

CVE-2018-1999013

Weakness Enumeration

Related Identifiers

Affected Products

References · 149