PT-2019-4946 · FFmpeg+3

Kevin Backhouse · Published 2019-02-06 · Updated 2026-02-06 · CVE-2019-9721

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FFmpeg versions 3.2 through 4.1

Description

The issue is a denial of service in the subtitle decoder: the handle_open_brace function in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. An attacker can exploit this with a specially crafted video file in Matroska format, potentially causing a denial of service through excessive CPU usage.

Recommendations

For FFmpeg versions 3.2 through 4.1, consider disabling the subtitle decoder or restricting the use of the handle_open_brace function until a patch is available. Avoid using the sscanf function with complex format arguments in the affected libavcodec/htmlsubtitles.c file to minimize the risk of exploitation.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1275
BDU:2020-01558
CLEANSTART-2026-EZ98723
CLEANSTART-2026-PS82605
CLEANSTART-2026-XE32069
CVE-2019-9721
OPENSUSE-SU-2021:2919-1
OPENSUSE-SU-2021_2919-1
SUSE-SU-2021:2919-1
SUSE-SU-2021:2929-1
SUSE-SU-2021_2919-1
USN-3967-1

Affected Products

ALT Linux
FFmpeg
SUSE
Ubuntu