CVE-2019-18214

HIGH

Video Converter - Resource Leak

Title source: rule

Description

The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/PaulLereverend/NextcloudVideo_Converter/issues/22

Scores

CVSS v3 7.7

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (1)

video_converter_project/video_converter 0.1.0

Published Oct 19, 2019

Tracked Since Feb 18, 2026