CVE-2019-1000016

MEDIUM Year: 2019
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-129
View all →

Vulnerability Description

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.

Related Vulnerabilities

CVE-2020-17398

MEDIUM
CVSS:6.5(Medium)

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the...

CWE-1292020

CVE-2020-20412

MEDIUM
CVSS:6.5(Medium)

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.

CWE-1292020

CVE-2020-29242

MEDIUM
CVSS:6.5(Medium)

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.

CWE-1292020

CVE-2020-29243

MEDIUM
CVSS:6.5(Medium)

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.

CWE-1292020

CVE-2020-29244

MEDIUM
CVSS:6.5(Medium)

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.

CWE-1292020

CVE-2020-29245

MEDIUM
CVSS:6.5(Medium)

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.

CWE-1292020