Test Kennung:	1.3.6.1.4.1.25623.1.0.113356
Kategorie:	Denial of Service
Titel:	FFmpeg <= 4.1 Multiple Vulnerabilities
Zusammenfassung:	FFmpeg is prone to multiple vulnerabilities.
Beschreibung:	Summary: FFmpeg is prone to multiple vulnerabilities. Vulnerability Insight: A vulnerability in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format: - because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf - because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf Vulnerability Impact: Successful exploitation would allow an attacker to exhaust the target system's CPU resources. Affected Software/OS: FFmpeg through version 4.1.0. Solution: Update to version 4.1.1. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	BugTraq ID: 107384 Common Vulnerability Exposure (CVE) ID: CVE-2019-9718 BugTraq ID: 107382 http://www.securityfocus.com/bid/107382 Bugtraq: 20190523 [SECURITY] [DSA 4449-1] ffmpeg security update (Google Search) https://seclists.org/bugtraq/2019/May/60 Debian Security Information: DSA-4449 (Google Search) https://www.debian.org/security/2019/dsa-4449 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982 https://github.com/FFmpeg/FFmpeg/commit/23ccf3cabb4baf6e8af4b1af3fcc59c904736f21 https://usn.ubuntu.com/3967-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9721 http://www.securityfocus.com/bid/107384 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65 https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.