Your submission was sent successfully! Close

CVE-2019-17539

Published: 14 October 2019

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
bionic
Released (7:3.4.8-0ubuntu0.2)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Not vulnerable
(7:4.2.1-2)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)
libav
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

Notes

AuthorNote
ebarretto
This issue was caused by b1febda0619
The above commit was never integrated to 2.8.x
but for 3.4, it was both integrated and fixed in 3.4.7, so
letting bionic version marked as needed.

References

Bugs