CVE-2018-19129

Published: 9 November 2018

In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libav Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	xenial	Does not exist

Notes

Author	Note
ebarretto	No fix available as of 2019-03-01

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19129
https://bugzilla.libav.org/show_bug.cgi?id=1138
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›