CVE-2019-9720

MEDIUM

Libav 12.3 - Buffer Overflow

Title source: llm

Description

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/libav/libav/blob/df744e3cf66548c9167ea857104a29d2ea92819e/libavcodec/srtdec.c#L161

View Exploit ZIP pw:eip

Third Party Advisory x_refsource_misc

https://lgtm.com/security/

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 52.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (1)

libav/libav < 12.3

Published Sep 19, 2019

Tracked Since Feb 18, 2026