CVE-2018-1999013
Published: 23 July 2018
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.
Notes
| Author | Note |
|---|---|
| mdeslaur | marking chromium-browser as ignored, since we do full-version updates, and rely on upstream's bundled ffmpeg version |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| cosmic |
Ignored
|
|
| disco |
Ignored
|
|
| eoan |
Ignored
|
|
| focal |
Ignored
|
|
| groovy |
Ignored
|
|
| hirsute |
Ignored
|
|
| impish |
Ignored
|
|
| jammy |
Ignored
|
|
| kinetic |
Ignored
|
|
| lunar |
Ignored
|
|
| mantic |
Ignored
|
|
| trusty |
Does not exist
(trusty was ignored [no longer updated])
|
|
| upstream |
Released
|
|
| xenial |
Ignored
|
|
|
ffmpeg Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(7:3.4.4-0ubuntu0.18.04.1)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(7:4.0.2-1)
|
|
| eoan |
Not vulnerable
(7:4.0.2-1)
|
|
| focal |
Not vulnerable
(7:4.0.2-1)
|
|
| groovy |
Not vulnerable
(7:4.0.2-1)
|
|
| hirsute |
Not vulnerable
(7:4.0.2-1)
|
|
| impish |
Not vulnerable
(7:4.0.2-1)
|
|
| jammy |
Not vulnerable
(7:4.0.2-1)
|
|
| kinetic |
Not vulnerable
(7:4.0.2-1)
|
|
| lunar |
Not vulnerable
(7:4.0.2-1)
|
|
| mantic |
Not vulnerable
(7:4.0.2-1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f0 |
||
|
gst-libav1.0 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
(trusty was needs-triage)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
oxide-qt Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [Ubuntu touch end-of-life])
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(Ubuntu touch end-of-life)
|
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |