CVE-2018-15822

Name

CVE-2018-15822

Description

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Patch	https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
UBUNTU	https://usn.ubuntu.com/3967-1/
BUGTRAQ	https://seclists.org/bugtraq/2019/May/60
DEBIAN	https://www.debian.org/security/2019/dsa-4449
MLIST	https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html
UBUNTU	https://usn.ubuntu.com/4431-1/
CONFIRM	https://github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ffmpeg:ffmpeg::::::::`	ffmpeg	>= None	<= 4.0.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status