CVE-2019-9718

Published March 12th, 2019

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

FFmpeg/FFmpeg

Mirror of https://git.ffmpeg.org/ffmpeg.git

GitHub

61.4K