CVE-2018-7557

🗓️ 28 Feb 2018 07:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 109 Views

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data

Reporter	Title	Published	Views	Family All 29
AlpineLinux	CVE-2018-7557	28 Feb 201807:00	–	alpinelinux
CNVD	Ffmpeg Denial of Service Vulnerability (CNVD-2018-06423)	28 Feb 201800:00	–	cnvd
Cvelist	CVE-2018-7557	28 Feb 201807:00	–	cvelist
Debian	[SECURITY] [DLA 1630-1] libav security update	7 Jan 201922:34	–	debian
Debian	[SECURITY] [DSA 4249-1] ffmpeg security update	17 Jul 201820:41	–	debian
Debian CVE	CVE-2018-7557	28 Feb 201807:00	–	debiancve
Tenable Nessus	Debian DLA-1630-1 : libav security update	8 Jan 201900:00	–	nessus
Tenable Nessus	Debian DSA-4249-1 : ffmpeg - security update	18 Jul 201800:00	–	nessus
Tenable Nessus	GLSA-202003-65 : FFmpeg: Multiple vulnerabilities	31 Mar 202000:00	–	nessus
EUVD	EUVD-2018-19284	7 Oct 202500:30	–	euvd

NVD

Node

ffmpeg ffmpegRange2.8–3.4.2

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2019/01/msg00006.html
security	www.security.gentoo.org/glsa/202003-65
git	www.git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
github	www.github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae
debian	www.debian.org/security/2018/dsa-4249

21 Nov 2024 04:12Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3

CVSS 3.16.5

EPSS0.00398

CWE-125