PT-2019-15281 · Nextcloud+1 · Video Converter+1
Xkill · Published 2019-10-19 · Updated 2019-10-22
CVE-2019-18214
CVSS v3.1: 7.7 High
Vector: AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N
Name of the Vulnerable Software and Affected Versions
Video Converter app version 0.1.0 for Nextcloud
Description
The issue allows for denial of service through CPU and memory consumption by initiating multiple concurrent conversions. This happens because the workload is not queued for serial execution, potentially leading to many FFmpeg processes running simultaneously.
Recommendations
For Video Converter app version 0.1.0, consider restricting concurrent conversions to prevent excessive CPU and memory consumption until a fix is available. As a temporary workaround, limiting the number of simultaneous FFmpeg processes may help mitigate the risk of denial of service.
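One way to apply the workaround above, as an added example that is not the Video Converter app's code: a bounded job queue that caps the number of live converter processes and refuses new work once the backlog is full. The class name `ConversionQueue`, its limits, and the constructed stand-in command used in place of an FFmpeg invocation are assumptions for illustration.

```python
import queue
import subprocess
import sys
import threading

# Constructed stand-in for an FFmpeg command line (sleeps 0.2 s).
FAKE_JOB = [sys.executable, "-c", "import time; time.sleep(0.2)"]

class ConversionQueue:
    """Hypothetical helper: run jobs with a hard cap on live processes."""

    def __init__(self, max_workers=1, max_pending=20, timeout=3600):
        self._jobs = queue.Queue(maxsize=max_pending)  # bounded backlog
        self._lock = threading.Lock()
        self._running = 0
        self._timeout = timeout
        self.peak = 0       # highest number of simultaneous processes seen
        self.results = []   # (argv, return code) per finished job
        for _ in range(max_workers):
            threading.Thread(target=self._worker, daemon=True).start()

    def submit(self, argv):
        """Queue a job; return False instead of growing without limit."""
        try:
            self._jobs.put_nowait(list(argv))
            return True
        except queue.Full:
            return False

    def _worker(self):
        while True:
            argv = self._jobs.get()
            with self._lock:
                self._running += 1
                self.peak = max(self.peak, self._running)
            try:
                # argv list, no shell; run() kills the child on timeout
                rc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                                    stderr=subprocess.DEVNULL,
                                    timeout=self._timeout).returncode
            except (OSError, subprocess.TimeoutExpired):
                rc = -1
            with self._lock:
                self._running -= 1
                self.results.append((argv, rc))
            self._jobs.task_done()

    def wait(self):
        self._jobs.join()
```

With `max_workers=1` the conversions run serially, which is the queued execution the description says is missing; a `False` from `submit` is the point at which the caller should reject the request rather than start another process.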
Weakness Enumeration
Missing Release of Resource after Effective Lifetime
Related Identifiers
Affected Products
Ffmpeg
Video Converter