Denial Of Service (DoS)

2020-06-0304:12:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

68.5%

JSON

ffmpeg is vulnerable to denial of service (DoS). The vulnerability exists as the svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

CPENameOperatorVersion
ffmpegeq2.6.9-r0
ffmpegeq2.8.11-r0
ffmpegeq3.1.11-r1
ffmpegeq0.10.9-r0
ffmpegeq3.2.9-r0
ffmpegeq3.0.7-r0
ffmpegeq1.1.14-r0
ffmpegeq2.1.5-r1
ffmpegeq1.2.8-r0
ffmpegeq2.3.5-r0

Name	Operator	Version
ffmpeg	eq	2.6.9-r0
ffmpeg	eq	2.8.11-r0
ffmpeg	eq	3.1.11-r1
ffmpeg	eq	0.10.9-r0
ffmpeg	eq	3.2.9-r0
ffmpeg	eq	3.0.7-r0
ffmpeg	eq	1.1.14-r0
ffmpeg	eq	2.1.5-r1
ffmpeg	eq	1.2.8-r0
ffmpeg	eq	2.3.5-r0