CVE-2019-9721

Published: 3/12/2019 Last updated: 8/4/2024 Reserved: 3/12/2019

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

conf-ffmpeg ffmpeg opus

Products affected (2)

Product	Vendor	Version
n/a	n/a	86e48c03d774e01ccd71ecba4fc4b5c2bc0b5b41
n/a	n/a	< 6f7cfee1a316891890c505563aa54f3476db52fd

References (16)

http://www.securityfocus.com/bid/107384
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
https://usn.ubuntu.com/3967-1/
https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774
http://www.securityfocus.com/bid/107384
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
https://usn.ubuntu.com/3967-1/
https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
https://usn.ubuntu.com/3967-1/
https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774
http://www.securityfocus.com/bid/107384
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
https://usn.ubuntu.com/3967-1/
https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774
http://www.securityfocus.com/bid/107384