Описание
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7:3.4.8-0ubuntu0.2 |
| cosmic | ignored | end of life |
| devel | not-affected | 7:4.1.4-1 |
| disco | ignored | end of life |
| eoan | not-affected | 7:4.1.4-1 |
| esm-apps/bionic | released | 7:3.4.8-0ubuntu0.2 |
| esm-apps/focal | not-affected | 7:4.1.4-1 |
| esm-apps/xenial | released | 7:2.8.17-0ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 7:4.1.4-1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x ...
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.
Уязвимость библиотеки libavformat мультимедийной среды Ffmpeg, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3