CVE-2018-13303

2018-07-0517:29:00

Google

osv.dev

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

CPENameOperatorVersion
ffmpeg.giteqn4.0
ffmpeg.giteqn2.8-de
ffmpeg.giteqn3.2-de
ffmpeg.giteqn0.12-de
ffmpeg.giteqn2.1-de
ffmpeg.giteqn2.3-de
ffmpeg.giteqn1.1-de
ffmpeg.giteqn3.1-de
ffmpeg.giteqn2.6-de
ffmpeg.giteqn0.11-de

Name	Operator	Version
ffmpeg.git	eq	n4.0
ffmpeg.git	eq	n2.8-de
ffmpeg.git	eq	n3.2-de
ffmpeg.git	eq	n0.12-de
ffmpeg.git	eq	n2.1-de
ffmpeg.git	eq	n2.3-de
ffmpeg.git	eq	n1.1-de
ffmpeg.git	eq	n3.1-de
ffmpeg.git	eq	n2.6-de
ffmpeg.git	eq	n0.11-de