PublicDateAtUSN: 2019-06-04 14:29:00 UTC
Candidate: CVE-2019-12730
PublicDate: 2019-06-04 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12730
 https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
 https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40
 https://ubuntu.com/security/notices/USN-4431-1
Description:
 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x
 before 4.1.4 does not check for sscanf failure and consequently allows use
 of uninitialized variables.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_ffmpeg:
upstream_ffmpeg: released (7:4.1.4-1)
precise/esm_ffmpeg: DNE
trusty_ffmpeg: ignored (out of standard support)
trusty/esm_ffmpeg: DNE
xenial_ffmpeg: released (7:2.8.17-0ubuntu0.1)
bionic_ffmpeg: released (7:3.4.8-0ubuntu0.2)
cosmic_ffmpeg: ignored (reached end-of-life)
disco_ffmpeg: ignored (reached end-of-life)
eoan_ffmpeg: not-affected (7:4.1.4-1)
focal_ffmpeg: not-affected (7:4.1.4-1)
devel_ffmpeg: not-affected (7:4.1.4-1)