CVE-2018-1999011
Published: 23 July 2018
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.
Notes
Author | Note |
---|---|
mdeslaur | marking chromium-browser as ignored, since we do full-version updates, and rely on upstream's bundled ffmpeg version |
ebarretto | According to upstream FFmpeg: Code does not exist in 2.8 |
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
cosmic |
Not vulnerable
(code not present)
|
|
disco |
Not vulnerable
(code not present)
|
|
eoan |
Not vulnerable
(code not present)
|
|
focal |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|
|
hirsute |
Not vulnerable
(code not present)
|
|
groovy |
Not vulnerable
(code not present)
|
|
impish |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
kinetic |
Not vulnerable
(code not present)
|
|
lunar |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(code not present)
|
|
chromium-browser Launchpad, Ubuntu, Debian |
groovy |
Ignored
|
hirsute |
Ignored
|
|
bionic |
Ignored
|
|
cosmic |
Ignored
|
|
disco |
Ignored
|
|
eoan |
Ignored
|
|
focal |
Ignored
|
|
impish |
Ignored
|
|
jammy |
Ignored
|
|
kinetic |
Ignored
|
|
lunar |
Ignored
|
|
trusty |
Does not exist
(trusty was ignored [no longer updated])
|
|
upstream |
Released
|
|
xenial |
Ignored
|
|
mantic |
Ignored
|
|
ffmpeg Launchpad, Ubuntu, Debian |
groovy |
Not vulnerable
(7:4.1-1)
|
hirsute |
Not vulnerable
(7:4.1-1)
|
|
bionic |
Not vulnerable
(7:3.4.4-0ubuntu0.18.04.1)
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Not vulnerable
(7:4.1-1)
|
|
eoan |
Not vulnerable
(7:4.1-1)
|
|
focal |
Not vulnerable
(7:4.1-1)
|
|
impish |
Not vulnerable
(7:4.1-1)
|
|
jammy |
Not vulnerable
(7:4.1-1)
|
|
kinetic |
Not vulnerable
(7:4.1-1)
|
|
lunar |
Not vulnerable
(7:4.1-1)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(7:4.1-1)
|
|
Patches: upstream: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a582869 |
||
oxide-qt Launchpad, Ubuntu, Debian |
groovy |
Does not exist
|
hirsute |
Does not exist
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [Ubuntu touch end-of-life])
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(Ubuntu touch end-of-life)
|
|
mantic |
Does not exist
|
|
gst-libav1.0 Launchpad, Ubuntu, Debian |
groovy |
Ignored
(end of life)
|
hirsute |
Ignored
(end of life)
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
xenial |
Needs triage
|
|
bionic |
Needs triage
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
mantic |
Needs triage
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
impish |
Ignored
(end of life)
|
|
bionic |
Needs triage
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
mantic |
Needs triage
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |