CVE-2019-11338

Priority
Description
libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate
first slices, which allows remote attackers to cause a denial of service
(NULL pointer dereference and out-of-array access) or possibly have
unspecified other impact via crafted HEVC data.
Notes
 mdeslaur> USN-3967-1 only fixed this CVE in disco. bionic and cosmic are
 mdeslaur> still affected.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): released (7:4.1.3-0ubuntu1)
Ubuntu 19.10 (Eoan): needed

Updated: 2019-05-14 14:14:22 UTC (commit 541be164f109a4fe72a44df0bb49aa93b8e260c3)