CVE-2018-19130

Published: 9 November 2018

** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libav Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	xenial	Does not exist

Notes

Author	Note
ebarretto	No fix available as of 2019-03-01

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19130
https://bugzilla.libav.org/show_bug.cgi?id=1139
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›