CVE-2019-12730

Name: CVE-2019-12730
Description: aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
NVD Severity: high

References

Type                  URI
Third Party Advisory  https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40
Patch                 https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
CONFIRM               https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2
CONFIRM               https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4
BID                   http://www.securityfocus.com/bid/109317
BUGTRAQ               https://seclists.org/bugtraq/2019/Aug/30
DEBIAN                https://www.debian.org/security/2019/dsa-4502
GENTOO                https://security.gentoo.org/glsa/202003-65
UBUNTU                https://usn.ubuntu.com/4431-1/

Match rules

CPE URI                                   Source package  Min version  Max version
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*   ffmpeg          >= None      < 3.2.14

Vulnerable and fixed packages

Source package Branch Version Maintainer Status