Candidate: CVE-2019-9717
PublicDate: 2019-09-19 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9717
 https://github.com/libav/libav/blob/df744e3cf66548c9167ea857104a29d2ea92819e/libavcodec/srtdec.c#L90
 https://lgtm.com/security/
Description:
 In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_ffmpeg:
upstream_ffmpeg: needs-triage
precise/esm_ffmpeg: DNE
trusty_ffmpeg: ignored (out of standard support)
trusty/esm_ffmpeg: DNE
xenial_ffmpeg: not-affected (code not present)
bionic_ffmpeg: not-affected (code not present)
disco_ffmpeg: not-affected (code not present)
eoan_ffmpeg: not-affected (code not present)
focal_ffmpeg: not-affected (code not present)
groovy_ffmpeg: not-affected (code not present)
hirsute_ffmpeg: not-affected (code not present)
impish_ffmpeg: not-affected (code not present)
jammy_ffmpeg: not-affected (code not present)
devel_ffmpeg: not-affected (code not present)

Patches_qtwebengine-opensource-src:
upstream_qtwebengine-opensource-src: needs-triage
precise/esm_qtwebengine-opensource-src: DNE
trusty_qtwebengine-opensource-src: ignored (out of standard support)
trusty/esm_qtwebengine-opensource-src: DNE
xenial_qtwebengine-opensource-src: DNE
bionic_qtwebengine-opensource-src: needs-triage
disco_qtwebengine-opensource-src: ignored (reached end-of-life)
eoan_qtwebengine-opensource-src: ignored (reached end-of-life)
focal_qtwebengine-opensource-src: needs-triage
groovy_qtwebengine-opensource-src: ignored (reached end-of-life)
hirsute_qtwebengine-opensource-src: ignored (reached end-of-life)
impish_qtwebengine-opensource-src: needs-triage
jammy_qtwebengine-opensource-src: needs-triage
devel_qtwebengine-opensource-src: needs-triage

Patches_vice:
upstream_vice: needs-triage
precise/esm_vice: DNE
trusty_vice: ignored (out of standard support)
trusty/esm_vice: DNE
xenial_vice: ignored (end of standard support, was needs-triage)
bionic_vice: needs-triage
disco_vice: ignored (reached end-of-life)
eoan_vice: ignored (reached end-of-life)
focal_vice: needs-triage
groovy_vice: ignored (reached end-of-life)
hirsute_vice: ignored (reached end-of-life)
impish_vice: needs-triage
jammy_vice: needs-triage
devel_vice: needs-triage

Patches_gst-libav1.0:
upstream_gst-libav1.0: needs-triage
precise/esm_gst-libav1.0: DNE
trusty_gst-libav1.0: ignored (out of standard support)
trusty/esm_gst-libav1.0: DNE
xenial_gst-libav1.0: ignored (end of standard support, was needs-triage)
bionic_gst-libav1.0: needs-triage
disco_gst-libav1.0: ignored (reached end-of-life)
eoan_gst-libav1.0: ignored (reached end-of-life)
focal_gst-libav1.0: needs-triage
groovy_gst-libav1.0: ignored (reached end-of-life)
hirsute_gst-libav1.0: ignored (reached end-of-life)
impish_gst-libav1.0: needs-triage
jammy_gst-libav1.0: needs-triage
devel_gst-libav1.0: needs-triage