CVE-2018-15822 — Reachable Assertion in Ffmpeg

CWE-617 — Reachable Assertion7 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 23

Latest updateMay 13

Description

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/ffmpeg< ffmpeg 7:4.0.3-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.0.3-1+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+2

▶NVDffmpeg/ffmpeg2.8

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 18.10, 19.04, 20.04

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9cg9-6hp2-vf6p: The flv_write_packet function in libavformat/flvenc↗2022-05-13

▶

OSV

ffmpeg vulnerabilities↗2020-07-22

▶

OSV

CVE-2018-15822: The flv_write_packet function in libavformat/flvenc↗2018-08-23

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2020-07-22

▶

Ubuntu

FFmpeg vulnerabilities↗2019-05-06

▶

Debian

CVE-2018-15822: ffmpeg - The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does...↗2018

▶