CVE-2019-9719
EUVD-2019-1908419.09.2019, 21:15
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is providedEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libav | libav | 𝑥 ≤ 12.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ffmpeg |
| ||||||||||||||||||||||||||||
| gst-libav1.0 |
| ||||||||||||||||||||||||||||
| qtwebengine-opensource-src |
| ||||||||||||||||||||||||||||
| vice |
|
Common Weakness Enumeration
References