CVE-2019-9718

Priority
Description
In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers
to hog the CPU via a crafted video file in Matroska format, because
ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format
argument to sscanf.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (7:3.4.6-0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (7:4.0.4-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (7:4.1.3-0ubuntu1)
Ubuntu 19.10 (Eoan):needed
More Information

Updated: 2019-05-06 19:14:27 UTC (commit 2a7972bafb9b79a6e652904a4b622a98f87a3641)