PT-2018-3999 · FFmpeg+2 · Ffmpeg+2

Paul Ch

Published

2018-06-25

Updated

2026-02-06

CVE-2018-1999010

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to commit cced03dd667a5df6df8fd40d8de0bff477ee02e8

Description The issue is related to a buffer data boundary reading vulnerability in the mms protocol of the FFmpeg multimedia library. Exploitation of this issue may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability can be exploited via network connectivity.

Recommendations For FFmpeg versions prior to commit cced03dd667a5df6df8fd40d8de0bff477ee02e8, update to a version that includes the fix, such as commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 or later. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-1929

BDU:2024-09059

CLEANSTART-2026-EZ98723

CLEANSTART-2026-PS82605

CLEANSTART-2026-XE32069

CVE-2018-1999010

DLA-1630-1

DSA-4249-1

SUSE-SU-2018:2305-1

Affected Products

Alt Linux

Ffmpeg

Suse

PT-2018-3999 · FFmpeg+2 · Ffmpeg+2

CVE-2018-1999010

Weakness Enumeration

Related Identifiers

Affected Products

References · 151