Description
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference%28DoS%29%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html
Scores
CVSS v3
6.5
EPSS
0.0036
EPSS Percentile
58.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (3)
aubio/aubio
0.4.6
ffmpeg/ffmpeg
3.4.1
ffmpeg/libswresample
< 3.0.101
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026