Test ID:	1.3.6.1.4.1.25623.1.0.113374
Category:	Denial of Service
Title:	FFmpeg <= 4.1.2 Denial of Service (DoS) Vulnerability
Summary:	FFmpeg is prone to a denial of service vulnerability.
Description:	Summary: FFmpeg is prone to a denial of service vulnerability. Vulnerability Insight: libavcodec/hevcdec.c mishandles detection of duplicate first slices, which allows remote attackers to cause a NULL pointer dereference or an out-of-array access via crafted HVEC data. Vulnerability Impact: Successful exploitation would allow an attacker to cause a denial of service or possibly have other unspecified impact. Affected Software/OS: FFmpeg through version 4.1.2. Solution: Update to version 4.1.3. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11338 BugTraq ID: 108034 http://www.securityfocus.com/bid/108034 Bugtraq: 20190523 [SECURITY] [DSA 4449-1] ffmpeg security update (Google Search) https://seclists.org/bugtraq/2019/May/60 Debian Security Information: DSA-4449 (Google Search) https://www.debian.org/security/2019/dsa-4449 https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html SuSE Security Announcement: openSUSE-SU-2020:0024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html https://usn.ubuntu.com/3967-1/ https://usn.ubuntu.com/4431-1/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.