Candidate: CVE-2018-12458
PublicDate: 2018-06-15 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12458
 https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
Description:
 An improper integer type in the mpeg4_encode_gop_header function in
 libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion
 violation while converting a crafted AVI file to MPEG4, leading to a denial
 of service.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_ffmpeg:
upstream_ffmpeg: released (4.0.1)
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
xenial_ffmpeg: released (7:2.8.15-0ubuntu0.16.04.1)

artful_ffmpeg: ignored (reached end-of-life)
bionic_ffmpeg: released (7:3.4.4-0ubuntu0.18.04.1)

devel_ffmpeg: not-affected (7:4.0.1-1)