Home > Vulnerability Database > CVE-2018-1999013

Mend.io Vulnerability Database

CVE-2018-1999013

Good to know:

Date: July 23, 2018

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.

Language: C

Severity Score

3.7

Related Resources (5)

Url: https://security-tracker.debian.org/tracker/CVE-2018-1999013

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1999013

Url: http://www.securityfocus.com/bid/104896

Url: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0

Url: https://www.mend.io/vulnerability-database/CVE-2018-1999013

Severity Score

3.7

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version n4.0.2

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1999013

Good to know:

Date: July 23, 2018

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?