Aurelien Jacobs - Security Researcher - Exploit Intelligence Platform

CVE-2019-9719 WRITEUP HIGH WRITEUP

Libav < 12.3 - Stack-based Buffer Overflow in Subtitle Decoder

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided

CVSS 8.8

View Code

CVE-2019-9717 WRITEUP MEDIUM WRITEUP

libav < 12.3 - Denial of Service via Matroska Subtitle Decoder

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

CVSS 6.5

View Code

CVE-2019-9720 WRITEUP MEDIUM WRITEUP

libav < 12.3 - Stack-based Buffer Overflow via Matroska Subtitle Decoder

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

CVSS 6.5

View Code