CVE-2018-20001

Published: Dec 10, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.

Affected (1)

Products: Libav: Libav

Libav

1 product

Libav

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libav Libav	Version 12.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://bugzilla.libav.org/show_bug.cgi?id=1141

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://bugzilla.libav.org/show_bug.cgi?id=1141

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.