CVE-2019-17539

CVE-2019-17539

Name

CVE-2019-17539

Description

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733
Patch	https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
Third Party Advisory	https://security.gentoo.org/glsa/202003-65
Third Party Advisory	https://www.debian.org/security/2020/dsa-4722
Third Party Advisory	https://usn.ubuntu.com/4431-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html

Type

URI

Issue Tracking

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733

Patch

https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c

Third Party Advisory

https://security.gentoo.org/glsa/202003-65

Third Party Advisory

https://www.debian.org/security/2020/dsa-4722

Third Party Advisory

https://usn.ubuntu.com/4431-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ffmpeg:ffmpeg::::::::`	ffmpeg	>= None	< 3.4.7
`cpe:2.3:a:ffmpeg:ffmpeg::::::::`	ffmpeg	>= 4.0	< 4.0.5
`cpe:2.3:a:ffmpeg:ffmpeg::::::::`	ffmpeg	>= 4.1	< 4.1.5

CPE URI

Source package

Min version

Max version

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

ffmpeg

>= None

< 3.4.7

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

ffmpeg

>= 4.0

< 4.0.5

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

ffmpeg

>= 4.1

< 4.1.5

References

Match rules

Vulnerable and fixed packages