PublicDateAtUSN: 2019-03-12
Candidate: CVE-2019-9718
PublicDate: 2019-03-12 09:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9718
 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
 https://ubuntu.com/security/notices/USN-3967-1
Description:
 In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows
 attackers to hog the CPU via a crafted video file in Matroska format,
 because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex
 format argument to sscanf.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_ffmpeg:
upstream_ffmpeg: needs-triage
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
trusty/esm_ffmpeg: DNE
xenial_ffmpeg: not-affected (code not present)
bionic_ffmpeg: released (7:3.4.6-0ubuntu0.18.04.1)
cosmic_ffmpeg: released (7:4.0.4-0ubuntu1)
disco_ffmpeg: released (7:4.1.3-0ubuntu1)
devel_ffmpeg: released (7:4.1.3-1)