CVE-2018-1999012

MEDIUM

FFmpeg <9807d3976be0e92e4ece3b4b1701be894cd7c2e1 - Infinite Loop

Title source: llm

Description

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.

References (3)

Scores

CVSS v3 6.5
EPSS 0.0051
EPSS Percentile 66.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-835
Status published

Affected Products (1)

ffmpeg/ffmpeg < 4.0.1

Timeline

Published Jul 23, 2018
Tracked Since Feb 18, 2026