CVE-2019-13312Out-of-bounds Read in Ffmpeg

CWE-125Out-of-bounds Read6 documents5 sources
Severity
8.8HIGHNVD
OSV7.5
EPSS
0.6%
top 31.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedJul 5
Latest updateMay 24

Description

block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+2
NVDffmpeg/ffmpeg4.1.3
debiandebian/ffmpeg

🔴Vulnerability Details

3
GHSA
GHSA-rmv2-95pm-pw73: block_cmp() in libavcodec/zmbvenc2022-05-24
OSV
ffmpeg vulnerabilities2020-07-22
OSV
CVE-2019-13312: block_cmp() in libavcodec/zmbvenc2019-07-05

📋Vendor Advisories

2
Ubuntu
FFmpeg vulnerabilities2020-07-22
Debian
CVE-2019-13312: ffmpeg - block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over...2019